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(54) Information transmission, reception and recording 



(57) An inlormation processing apparatus and an in- 
formation processing method are capable of preventing 
information from being copied illegally. 

A hash function and a service key are stored in ad- 
vance in an EEPROM of a DVD player serving as a 
source. In an EEPROM of a personal computer (PC) 
serving as a sink, its ID and a license key are stored 
beforehand. The DVD player requests the PC to trans- 
mit the ID. The DVD player then applies the hash func- 
tion to data resulting from concatenation of the ID with 



the service key to generate a license key (= hash (ID || 
service_key)). Subsequently, the DVD player generates 
a source side common session key and encrypts the 
session key by using the generated license key. Then, 
the DVD player transmits the encrypted source side 
common session key to the PC. The PC decrypts the 
encrypted source side common session key by using 
the license key stored in its EEPROM to produce a sink 
side common session key which has a value equal to 
that of the source side common session key. 
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Description 

The present invention relates to an information transmission apparatus and method, an information reception 
apparatus and method, and a recording medium. Illustrative embodiments of the invention relate to such method and 
5 a recording medium that allow data to be exchanged with a higher degree of security. 

In recent years, there has been proposed a system comprising pieces of electronic equipment such as AV appa- 
ratuses and personal computers connected to each other by typically IEEE1394 serial buses wherein data can be 
exchanged among the pieces of equipment. 

In such a system, for example, the ordinary user can play back movie information by using a DVD (Digital Video 
io Disc) player and transmit the movie information to a monitor through the 1 394 serial bus to display it on the monitor. 
The conduct done by the user to display the movie information is automatically permitted by the author of the movie 
information normally through a license which was obtained when the user purchased the DVD of the movie information. 
In order to do a conduct to copy the movie information played back from the DVD player to another recording medium 
such as an optical magnetic disc, however, it is necessary for the user to obtain a special permission from the author 
is of the movie information. In the case of a copy license, typically, the optical magnetic disc apparatus is also used to 
store a key tor indicating whether or not recording movie information into an optical magnetic disc mounted on the 
apparatus is allowed. That is to say, the key is used for forming a judgment as to whether or not the optical magnetic 
disc apparatus is a valid apparatus, that is, an apparatus licensed by the author of the movie information. It the optical 
magnetic disc apparatus is authenticated as a valid apparatus, the act to record the movie information into the apparatus 
20 can be judged to be a permitted conduct. 

I n such a case, it is necessary to verify that the destination apparatus is a val id apparatus in a transfer of information 
from an apparatus transmitting the information to an apparatus receiving the information, that is, the destination ap- 
paratus. It should be noted that the information transmitting apparatus and the information receiving apparatus are 
referred to hereafter as a source and a sink respectively. 
2S Fig. 41 is a diagram showing the ordinary method for authenticating a destination apparatus. As shown in the 

figure the source and the sink are each given a predetermined function f in advance by the author. Stored in a memory 
of each of the source and sink, the function f is difficult to identify from its input and output. In addition, it is difficult for 
a person who does not know the function f to infer an output produced by the function f from an input to the function 
f . The function f is provided to and stored in only an apparatus licensed by the author. 
30 The source generates a random number r and transmits the number r to the sink through a 1 394 serial bus. The 

source also applies the function f to the random number r, generating a number x (= f(r)). 

Receiving the random number r from the source, the sink applies the function f to the random number r, generating 
a number y (= f(r)). The sink then transmits the number y to the source. 

The source compares the calculated number x with the number y received from the sink to form a judgment as to 
35 whether or not the former is equal to the latter (x = y). If the number x is found equal to the number y, the source judges 
the sink to be a valid apparatus. In this case, movie information is encrypted by using a predetermined key before 
being transmitted to the sink. . 

As the key, a value k generated by applying the function f to the number y received by the source from the sinK i 
is used (k = f (y)). By the same token, the sink also applies the function f to the number y to generate the value k (- f 
40 (y)). The value k is then, on the contrary, used as a key for decrypting the encrypted movie information. 

In this method, however, it is necessary for all pieces of electronic equipment used as sources and sinks for trans- 
mitting and receiving information respectively to hold a uniform function f in strict confidence. 

As a result, when the function f held in a piece of electronic is stolen by an unauthorized user, for example, the 
unauthorized user is capable of generating a key k by monitoring data exchanged by way of a 1 394 serial bus and is, 
4S hence, capable of interpreting or decrypting encrypted data. In this way, the unauthorized user is capable of illegally 
stealing information by posing as an authorised user using a desired piece of electronic equipment. 
Aspects of the invention are specified in the claims to which attention is invited. 

Embodiments of the present invention described by way of example hereinafter seek to further improve security 
of transmitted information by preventing an unauthorised user from posing as an authorised user using a desired piece 
so of electronic equipment even if data required for encrypting or decrypting the information is stolen by the unauthorized 
user. 

The present invention will become more apparent and will hence be more readily appreciated as the same becomes 
better understood from a study of the following illustrative description of some preferred embodiments with reference 
to accompanying diagrams in which:- 
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Figure 1 is a block diagram showing a typical configuration of an information processing system to which an em- 
bodiment of the present invention is applied; 

Fig. 2 is a block diagram showing detailed typical configurations of a DVD player 1 , a personal computer 2 and an 
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optical magnetic disc apparatus 3 in the information processing system shown in Fig. 1, 
Fiq 3 is an explanatory diagram used tor describing authentication processing; 

Fig! 4 is a diagram showing an embodiment implementing an authentication procedure for carrying out the au- 
thenticating processing shown in Fig. 3; 
s Fig 5 is a diagram showing the lormat of a node unique ID; 

Fig. 6 is a diagram showing another embodiment implementing the authentication procedure; 

Fig 7 is a diagram showing a further embodiment implementing ihe authentication procedure; 

Fig 8 is a diagram showing a still further embodiment implementing the authentication procedure, 

Fig 9 is a diagram showing still another embodiment implementing the authentication procedure, 
10 Fig* 1 0 is a block diagram showing an embodiment implementing an information processing system to wh.cn an 

embodiment of Re present invention is applied wherein a source transmits encrypted data to a plural. ty of sinks; 

Fig. 11 is a block diagram showing a typical configuration of a 1 394 interface unit 26 employed in a DVD player 1 

servinq as the source in the system shown in Fig. 10; . . 

Fig. 1 2 is a block diagram showing a typical detailed configuration of the 1 394 interface unrt 26 . shown in Fig. 11. 
is Fig. 1 3 is a block diagram showing a typical detailed configuration of an LFSR 72 employed in the 1 394 interface 

unit 26 shown in Fig. 12; . 

Fiq 14 is a block diagram showing a more concrete configuration of the LFSR 72 shown in Fig. 13, 

Fig. 1 5 is a block diagram showing a typical configuration of a 1 394 interface unit 36 employed in an optical magnetic 

disc apparatus 3 serving as a sink in the system shown in Fig. 10; 
20 Fig 1 6 is a block diagram showing a typical detailed configuration of the 1 394 interface unit 36 shown in Fig. 1 5 

Fig". 17 is a block diagram showing a typical configuration of a 1394 interface unit 49 employed in a personal 

computer 2 serving as another sink in the system shown in Fig. 10; 

Fig 1 8 is a block diagram showing a typical detailed configuration of the 1 394 interface unit 49 shown in Fig. 17; 
Fig*. 19 is a block diagram showing a typical configuration of an application module 61 employed in the personal 
25 computer 2 serving as the other sink in the system shown in Fig. 10; . iQ . 

Fig 20 is a block diagram showing a typical detailed configuration of the application module 61 shown in Fig. 1 9 
Fig! 21 is a block diagram showing another typical detailed configuration of the 1 394 interface unit 26 employed 
in the DVD player 1 serving as the source in the system shown in Fig. 10; . 

Fig. 22 is a block diagram showing another typical detailed configuration of the 1394 interface unit 36 employed 
so in the optical magnetic disc apparatus 3 serving as the sink in the system shown in Fig. 10; 

Fig. 23 is a block diagram showing another typical detailed configuration of the 1 394 interface unrt 49 employed 
in the personal computer 2 serving as the other sink in the system shown in Fig. 10; 

Fig. 24 is a block diagram showing another typical configuration of the application module 61 employed in the 
personal computer 2 serving as the other sink in the system shown in Fig. 10; 
35 Fig 25 is a diagram showing a still further embodiment implementing the authentication procedure; 

Fig 26 is a diagram showing a continuation procedure to the authentication procedure shown in Fig. 25, 
Fig' 27 is a diagram showing an alternative continuation procedure to the authentication procedure shown in Fig. 25, 
Fiq 28 is a block diagram showing the configuration of another embodiment implementing an information process- 
ing system to which an embodiment of the present invention is applied wherein a source transmits encrypted data 

Rg 8 29 te a block diagram showing a random number generator 903 or 914 employed in the source or the sink 
respectively in the system shown in Fig. 28; . 
Fig. 30 shows a flowchart representing operations carried out by a processing circuit 902 or 91 3 employed in the 
source or the sink respectively in the system shown in Fig. 28; 
45 Fig. 31 is a diagram showing a still further embodiment implementing the authentication procedure; 

Fig 32 is a diagram showing the format of a packet; 

Fig. 33 is a diagram showing a still further embodiment implementing the authentication procedure; 
Fig 34 is a block diagram showing a typical configuration of a CBC mode; 

Fig 35 is a diagram showing a still further embodiment implementing the authentication procedure; 
so Fig 36 is a diagram showing a still further embodiment implementing the authenticate procedure; 

Fig 37 is a diagram showing a still further embodiment implementing the authentication procedure; 

Fig 38 is a diagram showing a still further embodiment implementing the authentication procedure; 

Fig 39 is a diagram showing a still further embodiment implementing the authentication procedure; 

Fig. 40 is a diagram showing a still further embodiment implementing the authentication procedure; and 
55 Fig. 41 is a diagram showing the ordinary authentication procedure. 

Fig 1 is a block diagram showing atypical configuration of an information processing system to which an embod- 
iment of the present invention is applied. As shown in the figure, in the configuration, a DVD player 1, a personal 
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computer 2. an optical magnetic disc apparatus 3. a data broadcasting/receiving apparatus 4. a monitor 5 and a tele- 
vision receiver 6 are connected to each other by an IEEE1394 serial bus 11. 

Fig 2 is a block diagram showing detailed typical configurations ot the DVD player 1 . the personal compuler 2 and 
the opiical magnetic disc apparalus 3 in the information processing system shown in Fig. 1 . The DVD player 1 comprises 
s a CPU 21 a ROM unit 22, a RAM unit 23. an operation unit 24. a drive 25. a 1 394 interlace unit 26 and an EEPROM 
unit 27 which are connected to each other by an internal bus 28. As shown in the figure, the DVD player 1 is connected 
to the 1394 serial bus 11 through a 1394 interlace unit 26. The CPU 21 carries out various kinds of processing by 
execution of a program stored in the ROM unit 22. The RAM unit 23 is used for properly storing information such as 
data and the program which are required by the CPU 21 in carrying out the processing. The operation unit 24 comprises 
to components such as buttons, switches and a remote controller. When ihe user operates the operation unit 24, a signal 
representing the operation is generated. The driver 25 drives a DVD which is not shown in the figure, playing back 
data recorded on the DVD. The EEPROM unit 27 is used for storing information which needs to be stored even after 
the power supply ot the DVD player 1 is turned off. In the case ot the presenl embodiment, an exampte of such infor- 
mation is an encryption /decryption key. The internal bus 2B is used for connecting the CPU 21. the ROM 
is RAM unit 23, the operation unit 24, the drive 25. the 1394 interface unit 26 and the EEPROM unit 27 to each other 
Much like the DVD player 1, the optical magnetic disc apparalus 3 comprises a CPU 31. a ROM unit 32 a ham 
unit 33, an operation unit 34, a drive 35, a 1 394 interface unit 36 and an EEPROM unit 37 which are e «nnecte d to , each 
other by an internal bus 38. Since the CPU 31 to the internal bus 38 have the same functions of the CPU 21 to the 
internal bus 28 employed in the DVD player 1 respectively, their explanation is not repeated. The only exception is that 
zo the driver 35 drives an optical magnetic disc which is not shown in the figure instead of a DVD. The driver 35 records 
and plays back data into and from the optical magnetic disc. ~r- a r»^n ■« cn „,w.^ 

In addition to a CPU 41 , a ROM unit 42, a RAM unit 43, a 1394 interface unit 49 and an EEPROM unit 50 which 
are connected to each other by an internal bus 51 . the personal computer 2 also includes an input/output interface unit 
44 a keyboard 45. a mouse 46. an HDD (Hard Disc Drive) 47 and an expansion board 48. The personal computer 2 
25 is connected to the 1394 serial bus 11 through the 1394 interface unit 49. The CPU 41 carries out various kinds of 
processing by execution of a program stored in the ROM unit 42. The RAM unit 43 is usedtor properly storing information 
such as data and the program which are required by the CPU 41 in carrying out the processing. Connected to the 
internal bus 51. the input/output interface unit 44 serves as an interlace between the CPU 41 and the keyboard 45 
the mouse 46. the HDD 47 and the expansion board 48. The input/output interface unit 44 passes on signals input 
so irom the keyboard 45 and the mouse 46 connected to the interlace unit 44 to the CPU 41 by way of the internal bus 
51 Connected to the HDD 47. the input/output interface unit 44 allows data and a program coming from the internal 
bus 51 to be stored into the HDD 47 and, on the contrary, data and a program stored in the HDD 47 to be read out ana 
forwarded to the internal bus 51 . The expansion board 48 is connected to the input/output interlace unit 44, if needed, 
allowing necessary functions to be added to the personal computer 2. The EEPROM unit 50 is used for stor.ng .nfor- 
35 mation which needs to be stored even after the power supply ol the personal computer 2 is turned off .In the case ol 
the present embodiment, an example of such information is a variety of encryption/decryption keys. The interna bus 
51 is a local bus typically implemented by a PCI (Peripheral Component Interconnect) bus for connecting the CPU 41 
the ROM unit 42, the RAM unit 43. the 1394 interlace unit 49. the EEPROM unit 50 and the input/output .nterface unit 

44 to each other. . . 4 , . , ,. . 

40 It should be noted that the internal bus 51 is designed in an architecture open to the user through the 'nP^output 

interface unit 44. That is to say, the user is allowed to connect an additional board as an expansion board 48 to he 
input/output interface unit 44, if required, and to write a custom program for the additional board to be installed in the 
personal computer 2. The CPU 41 then executes the cuslom program, properly exchanging data with the expansion 
board 48 by way of the internal bus 51 in order to implement a desired function. 

<5 m the case of a consumer electronic (CE) apparatus such as the DVD player 1 and the opt.cal magnetic disc 

apparatus 3, on the contrary, their internal buses 28 and 38 are not designed in an architecture open to the user. Thus, 
the user is not capable of acquiring data transmitted by way of the internal bus 28 or 38 unless the internal bus 28 or 

38 is redesigned specially. ... „ 

The following is a description ol processing of authentication of a sink carried out by a source with reference to 

so Figs. 3 and 4. Fig. 3 is an explanatory diagram used for describing the authentication processing. As shown in the 
figure, the processing is typically carried out by firmware 20 stored as a program in advance in the ROM I unit 1 22 
employed in the DVD player 1 serving as the source to authenticate a license manager 62 stored in the ROM unit 42 
to be executed as a program by the CPU 41 employed in the personal computer 2 serving as the sink. 

Fig 4 is a diagram showing an embodiment implementing a procedure whereby the source implemented typically 

55 by the DVD player 1 authenticates the sink implemented typically by the personal computer 2 by allowing the sink to 
generate a sink side common session key having the same value as a source side common session key generated 
by the source only If the sink is a valid sink. In the EEPROM unit 27 employed in the DVD player 1, a serv.ce key and 
a hash function are stored in advance. The service key and the hash function are given by an author of information to 
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the user of the DVD player 1 who has to keep them in the EE PROM unit 27 in stnct conf.dence. 

The author provides the user with a service key tor each piece of information created by the author. The service 
key is used as a key common to all apparatuses connected to each other by the 1394 serial bus 11 to compose a 
system. It should be noted that, in the present specification, the term system is used to imply the whole system com- 
DrisinQ a plurality of apparatuses. , t _ _ . , ■ 

The hash function is used tor transforming an input with an arbitrary length into output data with a fixed length 
such as 64 bits or 1 28 bits. Let the transformation be expressed by y = hash (x) where the symbol x is the i input to the 
hash function and the symbol y is the data output by the function. In this case, the hash function .s such a complex 
function that it is difficult to find the value of x from a given value of y. The hash function is such a <^>^* °" 
that it is difficult to find a pair of xl and x2 that salisfies the equation hash (xl) = hash (x2). MD5 and SHA are each the 
name of a function known as a representative one-way hash function. For details of the one-way hash Junction .refer 
to a reference with a title 'Applied Cryptography" authored by Bruce Schneier. a second edrt.on published I by - WHey 

in the personal computer 2 used as a typical sink in the example shown in Fig. 4. on the other hand an ID unique 
to the electronic apparatus, that is. the personal compuler 2 in Ihis case, and a license key provided in advance by the 
author of information are stored in strict confidence in the EEPROM unit 50. This node (apparatus) unique ID is normally 
assigned to the electronic apparatus by the manufacturer of electronic equipment as will be descnbed later. The cense 
key is a value resulting from application of the hash function to (n + m)-bit data which is obtained by concatenating the 
n-bit ID with the m-bit service key. Thus, the license key can be expressed by the following equation. 

Iicense_key = hash (ID || service_key) 



where the notation "ID || service_key' represents a concatenation of the ID with the service key. 

A node_unique_ID determined by specifications of the 1394 bus 11 can be typically used as an ID. F.g. 5 is a 

2S diagram showing the format of the node unique ID. As shown in the figure, the node unique ID comprises 8 bytes (o 
64 bits). The first 3 bytes are controlled by Ihe IEEE and given by the IEEE to a manufacturer of electronic equipmen 
as a number unique to the manufacturer. On the other hand, the low-order 5 bytes can be assigned by the manufacturer 
of electronic equipment itseff to an electronic apparatus sold to the user. Typically, each value of the whole ^-ordBt 
5 bytes are assigned by the electronic equipment maker to an electronic apparatus as a senal number of the apparatus. 

30 Since the high-order 3 bytes have a value unique to the manufacturer of electronic equipment, the node uniqueJD is 
unique to each of electronic apparatuses without regard to whether the apparatuses are produced by the same man- 
ufacturer or different manufacturers. «„J«.tk«» 

As shown in Fig. 4, the procedure begins with a step SI at which Ihe firmware 20 in the DVD player I controls he 
1 394 interface unit 26 to make a request to the personal computer 2 for the ID thereof to be transmitted by way of the 

35 1 394 serial bus 11 . Then, the procedure goes on to a step S2 at which the license manager 62 of the personal computer 
2 receives the request for the ID. To put it in detail, the 1394 interface unit 49 employed in the pe rsonal °°™P ut ° r * 
passes on the request for the ID transmitted by the DVD player 1 by way of the 1 394 serial bus 11 to the CPU 41 The 
procedure then proceeds to a step S3 at which the license manager 62 being executed by the CPU 41 reads out the 
ID from the EEPROM unit 50 in accordance with the request forwarded thereto by the 1394 interlace unit 49 and 

40 transmits the I D to the DVD player 1 by way of the 1 394 interlace unit 49 and the 1 394 serial bus 11 . 

Then, the procedure continues to a step S4 at which the 1394 interface unit 26 employed in the DVD player 1 
receives the ID and passes on it to the firmware 20 being executed by the CPU 21. 

Subsequently, the procedure goes on to a step S5 at which the firmware 20 concatenates the ID received from 
the personal computer 2 with a service key stored in the EEPROM unit 27 to form data (ID || service J<ey). Then, a 

as license key Ik is computed by applying the hash function to the data (ID || service_key) as shown in the following 
equation: 



Ik = hash (ID || service_key) 



The procedure then proceeds to a step S6 at which the firmware 20 generates a source side common session key 
sk, details of which will be described later. The source side common session key sk will be used as a common session 
key S by both ihe DVD player 1 to encrypt a clear text to be transmitted and by the personal computer 2 to decrypt an 

encrypted text received from the DVD player 1 . 

55 Then, the procedure continues to a step S7 at which the firmware 20 encrypts the source side common sess on 

key sk generated at the step S6 by using the license key Ik computed at the step S5 as a key to produce an encrypted 
source side common session key e in accordance with the following equation: 



5 



EP 0 874 300 A2 



e = Enc (Ik, sk) 



It should be noted that the expression Enc ^ 
session key encryption/decryption technique whereby data B is encrypted by us.no a key A to produce an encrypted 
source side common session key eon the lett hand side ot the equation. 

Subsequently, the procedure goes on to a step S8 at which the firmware 20 transmits the encrypted source side 
common seTon'key e'generated at the step S7 to the persona, computer 2. To put it in detail the «^ ~«» 
side common session key e is transmitted by the 1 394 hterface unit 26 employed ,n the DVD player 1to the persona, 
computer 2 by way of the 1394 serial bus 11. The procedure then proceeds to a step S9 at wh.ch the Mmtotace 
unit 49 employed in the personal computer 2 receives the encrypted source side "^«« 6 « k ^ ' 
license manager62 decrypts the encrypted source side common session tay. passed on J?'^^^ 8 ^ 
unit 49 by using a license key provided in advance by the author of information and stored in the EEPROM unit 50 as 
a key to produce a sink side common session key sk' in accordance with the following equation: 

sk 1 = Dec (licensejcey, e) 

It should be noted that the expression Dec (A, B) on the right hand side of the above equation represents the 
20 common session key encryption/decryption technique whereby encrypted data B is in this case decrypted by us.ng a 
key A to produce a sink side common session key sk' on the left hand side of the equation. 

It is also worth noting that a DES algorithm is known as a data encrypting/decrypting algorithm adopted m he 
common session key encryption/decryption technique which is also described in deta.l in the second edition of the 
reference with the title "Applied Cryptog^aphy ,, cited above. 
2S The Lens^key proviSL by th^author of information and stored in the EEPROM unit 50 emp.oyed in the persona, 

computer 2 in advance has a value which was computed by the author by using the same hash function as Hcense the 
key Ik was generated by the DVD player 1 at the step S5. That is to say, the following equation holds true: 
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Ik = license_key 



Thus, based on the common source side common session key encryption/decryption technique us.ng the same 
(license) key, the decryption carried out by the personal computer 2 at the step S10 is just Reversed ^^J* J» 
encryption performed by the DVD player 1 at the step S7. As a result, since e ,s the encrypted data of h source s 
common session key sk generated by the DVD player 1 at the step S6. the s,nk side common se^ 
by the personal computer 2, that is. a result of the decryption of the encrypted source side common session key e, is 
equal to the source side common session key sk. That is to say. ihe following equat.on holds true: 



sk' = sk 



In this way. since the source and sink side common session keys sk and sk' have the same value, the source 
implemented typically by the DVD player 1 and the sink implemented typically by the personal computer 2 can share 
a common sessL key S. For this reason, the DVD player 1 can use the key sk as an encryption ke jy as it ist > encryp 

45 a clear text created by the author to be transmitted to the personal computer 2. By the same token, the personal 
computer 2 can use the sink side common session key sk' as a decryption key as it is to decrypt an encrypted text 
received from the DVD player 1 . As an alternative, the DVD player 1 generates a pseudo random number to be used 
as an encryption key by^ng the source side common session key sk as a base as will be ^^^^ 
the personal computer 2 generates a random number to be used as a decryption key by us.ng the s.nk side common 

so session key sk" as a base as will also be described later. „„„i„ ln „ 
As described above, the license key Ik is generated at the step S5 of the procedure shown in F.g. 4 by applying 
the hash function to a concatenation ot an ID unique to a particular electronic apparatus and a service provided 
tor a text created by the author. Thus, in a pair of electronic apparatuses wherein the source does not have the service 
key for the text and/or the sink does not have the ID unique to the legal owner, it is impossible to generate the correct 

55 license key Ik (Refer to the step S5 of the procedure shown in Fig. 4). In addition, an electronic apparatus b ^ authen- 
ticated by the author is not provided with a license key and. thus, not capable ot generating the session key sk (Refer 
to the step S10 of the procedure shown in Fig. 4). In a normal case, after the procedure shown .n Fig. 4 IS competed 
the DVD player 1 encrypts reproduced data or a clear text by using the source side common session key sk and 
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transmits the encrypted data or the encrypted text to the personal computer 2, Provided with a correct license key, the 
personal computer 2 is capable of generating the sink side common session key sk' (Refer to the step S10 ot the 
procedure shown in Fig. 4). The personal computer 2 is thus capable of decrypting the encrypted playback data or the 
encrypted text received from the DVD player 1 by means of the sink side common session key sk 1 . If the personal 

s computer 2 is not a licensed electronic apparatus, however, it will be impossible to generate the sink side common 
session key sk' because the correct license key is not available. As a result, the unlicensed personal computer 2 is 
not capable of decrypting the encrypted playback data or the encrypted text received from the DVD player 1 . In other 
words only a sink capable of generating a sink side common session key sk' having the same value as the source 
side common session key sk generated by the source is authenticated in the end. This is because only a particular 

io electronic apparatus serving as an authorized source which has a service key provided by an author for information 
or a text created by the author and receives a correct ID from an authorized sink is capable of generating the correct 
license key Ik. By the same token, only a particular electronic apparatus serving as an authorized sink which is provided 
with the correct license key by the author is capable of generating the correct sink side common session key sk' for 
use as a decryption key to decrypt encrypted data or an encrypted text. 

is Assume that a license key granted to a personal computer 2 is stolen by any chance. In this case, nevertheless, 

the stolen license key can not be used in another electronic apparatus to generate a valid sink side common session 
key sk' because the other apparatus has an ID different from that assigned to the personal computer 2. Since the ID 
varies from apparatus to apparatus as such, another electronic apparatus will not be capable of decrypting the en- 
crypted playback data or the encrypted text received from the DVD player 1 by means of the stolen license key. As a 

20 result, the security of transmitted information can be enhanced. 

By the way an unauthorized user may know both the encrypted source side common session key e and the source 
side common session key sk by any chance for some reasons. In this case, since the encrypted source side common 
session key e is a kind of text resulting from encryption of the source side common session key sk using the license 
key Ik, it is quite within the bounds of possibility that the unauthorized user is capable of obtaining the correct value of 

2S the license key Ik by using all values of the license key Ik in the encryption of the source side common session key sk 
using the license key Ik to calculate the encrypted source side common session key e on a trial-and-error basis provided 
that the algorithm of the encryption is disclosed. 

In order to prevent an unauthorized user from launching such a kind of attack, the process to reversely derive a 
license key from a known encrypted source side common session key e and a known source side common session 

so key sk can be made difficult by keeping the algorithm of the encryption in strict confidence, that is, by not disclosing 
part or all of the encryption algorithm to the public. 

By the same token, a process to reversely derive a service key from a known license key and an ID by using all 
values of the service key and the known ID in a hash function to produce the known license key on a trial-and-error 
basis can be made complicated by keeping the hash function in strict confidence, that is, by not disclosing part or all 

35 of the hash function to the public. 

Fig. 6 is a diagram showing another embodiment implementing an authentication procedure whereby a source 
implemented typically by the DVD player 1 authenticates two sinks implemented typically by the personal computer 2 
and the optical magnetic disc apparatus 3 respectively by allowing each of the sinks to generate a sink side common 
session key having the same value as a source side common session key generated by the source only if the sinks 

40 are valid sinks. 

In the EEPROM unit 50 employed in the personal computer 2 serving as the first sink, ID 1, an identification 
assigned in advance uniquely by a manufacturer of electronic equipment to the personal computer 2, and License Key 
1, a license key provided in advance by an author of information to the computer 2 are stored. By the same token, in 
the EEPROM unit 37 employed in the optical magnetic disc apparatus 3 serving as the second sink, I D 2, an I D assigned 

45 in advance uniquely by a manufacturer of electronic equipment to the disc apparatus 3, and License Key 2, a license 
key provided in advance by the author of information to the disc apparatus 3 are stored. 

Since pieces of processing carried out at the steps S11 to S20 by the DVD player 1 serving as the source and the 
personal computer 2 serving as the first sink are in essence the same as those of the steps S1 to S1 0 of the procedure 
shown in Fig, 4, their explanation is not repeated. 

50 In brief, the personal computer 2 generates a valid sink side common session key skV from an encrypted source 

side common session key e1 received Irom the DVD player 1 at the step S20 as described above. The procedure then 
goes on to a step S21 at which the firmware 20 in the DVD player 1 controls the 1394 interface unit 26 to make a 
request to the optical magnetic disc apparatus 3 lor the ID thereof to be transmitted by way of the 1 394 serial bus 11 . 
Then, the procedure goes on to a step S22 at which firmware 30 of the optical magnetic disc apparatus 3 shown in 

55 Fig 10 receives the request for the ID. To put it in detail, the 1 394 interface unit 36 employed in the optical magnetic 
disc apparatus 3 passes on the request for the ID transmitted by the DVD player 1 by way ol the 1394 serial bus 11 
to the CPU 31 . The procedure then proceeds to a step S23 at which the firmware being executed by the CPU 31 reads 
out the identification ID2 from the EEPROM unit 37 in accordance with the request forwarded thereto by the 1394 
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interface unit 36 and transmits the identification ID2 to the DVD player 1 by way of the 1394 interlace unit 36 and the 

1394 serial bus 11. . . 4 . . . 

Then, the procedure continues to a step S24 at which the 1394 interface unit 26 employed in the DVD player 1 
receives the identification ID2 and passes on it to the firmware 20 being executed by the CPU 21. 

Subsequently the procedure goes on to a step S25 at which the firmware 20 concatenates the identification ID2 
received from the optical magnetic disc apparatus 3 with a service key stored in the EEPROM unit 27 to form data (ID2 
|| service.key). Then, a license key Ik2 is computed by applying the hash function to the data (ID2 || service_key) as 
shown in the following equation: 

Ik2 = hash (ID2 || service_key) 

Then the procedure continues to a step S26 at which the firmware 20 encrypts the source side common session 
key sk generated at the step SI 6 by using the license key Ik2 computed at the step S25 as a key to produce an 
encrypted source side common session key e2 in accordance with the following equation: 

e2 = Enc (Ik2, sk) 

Subsequently the procedure goes on to a step S27 at which the firmware 20 transmits the encrypted source side 
common session key e2 generated at the step S26 to the optical magnetic disc 3. To put it in detail, the encrypted 
source side common session key e2 is transmitted by the 1 394 interface unit 26 employed in the DVD player 1 to the 
optical magnetic disc apparatus 3 by way of the 1 394 serial bus 11. 

The procedure then proceeds to a step S28 at which the 1394 interface unit 36 employed in the optical magnetic 
disc 3 receives the encrypted source side common session key e2. Then, the procedure proceeds to a step S29 at 
which the firmware 30 decrypts the encrypted source side common session key e2 passed on thereto by the 1394 
interface unit 36 by using a license key (license.key 2) stored in the EEPROM unit 37 as a key to produce a sink side 
common session key sk2' in accordance with the following equation: 

sk2' = Dec (license_key 2, e2) 

As described above, the personal computer 2 and the optical magnetic disc apparatus 3 generate the sink side 
common session keys ski ' and sk2' at the steps S20 and S29 respectively. Normally, the sink side common session 
keys ski ' and sk2' have the same value as the source side common session key sk generated by the DVD player 1 at 

the step S1 6. , t _ ... 

In the procedure shown in Fig. 6, the DVD player 1 makes requests for an ID to the personal computer 2 and the 
optical magnetic disc apparatus 3 separately. It should be noted, however, that in the case of broadcasting communi- 
cation wherein requests can be made at the same time, processing according to an embodiment implementing a 
procedure like one shown in Fig. 7 can be carried out. 

As shown in the figure, the procedure begins with a step S41 at which the DVD player 1 transmits requests to all 
sinks, that is; the personal computer 2 and the optical magnetic disc apparatus 3, for the IDs thereof by broadcasting 
communication. Then, the procedure goes on to steps S42 and S43 at which the personal computer 2 and the optical 
magnetic disc apparatus 3 respectively receive the requests for the IDs. The procedure then proceeds to steps S44 
and S45 at which the personal computer 2 and the optical magnetic disc apparatus 3 read out the identifications ID1 
and ID2 from the EEPROM units 50 and 37 respectively and transmit them to the DVD player 1. Then, the procedure 
continues to steps S46 and S47 at which the DVD player 1 receives the identifications ID1 and ID2 respectively 

Subsequently, the procedure goes on to a step S48 at which the DVD player 1 concatenates the identification ID1 
received from the personal computer 2 with a service key stored in the EEPROM unit 27 to form data (ID1 || service 
key). Then, a license key Ik1 is computed by applying the hash function to the data (1D1 || service_key) as shown in 
the following equation: 

Ik1 = hash (ID1 || service_key) 

Subsequently, the procedure goes on to a step S49 at which the DVD player 1 concatenates the identification ID2 
received from the optical magnetic disc apparatus 3 with the service key stored in the EEPROM unit 27 to form data 
(ID2 1| service_key). Then, a license key Ik2 is computed by applying the hash function to the data (ID2 1| service_key) 
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Ik2 = hash (ID2 || service_key) 



The procedure then proceeds to a step S50 at which the DVD player 1 generates a source s.de comrnon ^session 
key sk. Then, the procedure continues to a step S51 at which the DVD player 1 encrypts " d f o ™^ 
session key sk generated at the step S50 by using the license key Ikl computed at the step S48 as a key to produce 
an encrypted source side common session key e1 in accordance with the following equation: 



e1 = Enc (Ik1.sk) 



Then, the procedure continues to a step S52 at which the DVD player 1 1 encrypts the 
key sk generated at the step S50 by. using the license key lk2 computed at the step S49 as a key to produce an 
encrypted source side common session key e2 in accordance with the following equation. 



e2 = Enc (Ik2, sk) 



The procedure then goes on to a step S53 at which the identification ID1. the encrypted source side common 
session key e1. the identification ID2 and the encrypted source side common session key e2 are concatenated to 
produce an encrypted source side common session key e as follows: 



2S e = ID1 || ©1 || ID2 || e2 



Subsequently, the procedure goes on to a step S54 at which the DVD player \ Xransmts he ^^^l 
side common session key e to the personal computer 2 and the optical magnetic d.sc apparatus 3 b broadcas img 
so communication. The procedure then proceeds to steps S55 and S56 at which the ^^^^11^^^ 
magnetic disc apparatus 3 receive the encrypted source side common session key e. Then, the ^procedure proceeds 
to s^ P sS57and P S58at which the persona, computer 2 and the optical magnetic disc 

source side common session keys e1 and e2 extracted 1rom the ™^°j£" ree l^TJT^Xo or^l 
using the license keys License Key 1 and License Key 2 stored in the EEPROM units 50 and 37 as keys to produce 
35 sink side common session keys ski ' and sk2' respectively in accordance with the following equations: 

ski ' = Dec (License_key 1 , e1 ) 
sk2' = Dec (License_key 2, e2) 

Fig 8 is a diagram showing an embodiment implementing a procedure of authentication processing whereby only 
a valid sink will generate a sink side common session key sk' having the same value as a source s.de common session 
key sk generated by a source in a system wherein the sink is capable of rendering a plurality of serv ces^at s 
decrypting a plurality of kinds of information. To handle the different kinds of information the personal , computer 2 
servTng at the'sink is provided with a plurality of license keys stored in the EE PROM ^J^^^^l 

as License key 2, License key 3 etc. for the different kinds of information. By the same token, the DVD flayer 1 1 sen/ing 
as a source has information on a plurality of service .Ds for identifying which kinds of information to be transmme d to 
the sinkand a plurality of service keys stored in the EEPROM unit 27 such as Service.key 1 Serv.ce key 2, Serv.ee key 
3 etc. used ^generating License.key 1 . License.key 2, License.key 3 etc. res P ectK,e.y. ^^ ^^Zlt 
out in the procedure shown in Fig. 8 are similar to those of the procedure shown in F.g. 4 except for the o ow.ng rtep* 

so TO begin with, at a step SB1 . the DVD player 1 transmits a request for an ID along with a service . D for « a 
kind of information, which is to be serviced by the personal computer 2 used as he s,nk, o the * 
Then, at a step S85. a license key Ik is generated by the DVD player 1 by application of the hash fun ct.o .to _a MD 
received from the personal computer 2 and one of Service_key 1 . Service.key 2. Serv.ce_key 3 e un J« EE p ROM 
unit 27 which is associated with the kind of information to be transmitted to the sink that ,s. ^^^^ 

ss , D transmitted to the personal computer 2 at the step S81 . Finally, at a step S90, the personal compute 2 ' 9°™*°* 
a sink side common session key sk' from an encrypted source side common session key e ^recerved from th DVD 
player 1 at a step 89 and one of License.key 1. License.key 2. License.key 3 etc. .n the EEPROM un.1 50 that .s 
associated with the service ID received from the DVD player 1 at the step S82. 
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Fia 9 is a diagram showing another embodiment implementing a procedure of authentication whereby only a valid 
session key sk generated by a source. In this case, the DVD player 1 1 used as a 

function and a pseudo random number generating lunction pRNG wh.ch are stored '" the f ^°^^Xn 

generating lunction pRNG which are given by the author of the information. 

The license key LK is a unique random number generated by the author whereas the l.cense key LK is also 
generated by the author so as to satisfy the following equation: 



45 



50 



LK' = G A - 1 (R) 



where R = pRNG (H) (+) pRNG (LK) 
Wh TsL^ 

lunction of the confusion function G. The value of the inverse function G - -1 can be . w rth ease ^p 
predetermined rules are known. If the predetermined ru.es are not known, however, ,t ^"'^JKSSS 
of the inverse lunction G A -1. A function used in encryption based on a ^^^^Zt^ 
In addition, the function pRNG for generating a random number can be implemented by hardwar^ 
As shown in Fig. 9. the procedure begins with a step S101 at which the f.rmware20 .n the DVD player 1 • 
request to the license manager 62 of the personal computer 2 for the I D thereof ^^^^Z foMhe^D 
goes on to a step S102 at which the license manager 62 of the personal ^P^l"^^^£££ m1l 
The orocedure then proceeds to a step S1 03 at which the license manager 62 reads out the ID from the ttK ^™ 
^T^^rZZ^Tr^: and' transmits the ID to the DVD player 1 . Then, the procedure cont.nues to a step 

810 i!2S£ rpSX-Vto a step S105 at which the —20 concatenates the .D received from 



H = hash (ID || service_key) 



The orocedure then proceeds to a step S106 at which the firmware20 generates a source side common session 
key l£fZ^£M**m»» to a step S107 at which the firmware20 compute an ™W^*™ C °^ 
common session key e from the value H generated at the step S105 and the source side common ses Sl on key sk 
generated at the step S106 in accordance with the following equation: 



e = sk (+) pRNG (H) 



where the notation ( + ) used on the right hand side of the above equation is the operator ^f the operation tt> compute 
an exclusive logical sum and. thus, an expression A < + ) B represents the ^™J^™«%%£ I encrypted 
That is to say, at the step S107. the source side common session key sk generated at the step S106 * °™W™> 
to produce the encrypted source side common session key e by finding the exclusive , togca. ^'^^^ 
sk and the corresponding bit of pRNG (H), a random number obtained by applying the pseudo random number gen 

^uose^ 

~c^ 

55 keys to produce a sink side common session key sk' in accordance with the following equation: 



sk' = e (+) G (LK 1 ) (+) pRNG (LK) 
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That is to sa, at the step S110. the encrypted source , ^l^^^^^^^^Z 
, is decrypted to produce the sin* ^^^^^"^^^ function G stored in the 
source side common session key e, G <LK). a value * ^ y a obtained by 

EEPROM unit 50 to the license key LK' also stored .n the J=f ™^ 50 to the license key 

applying the pseudo random number generating funct.on pRNG also stored in the elphum un 

LK also stored in the EEPROM unit 50. eoee :„ n - k > Generated by the personal computer 

Much like the procedure shown in Fig. 4. the s.nk s.de common ^^J^^^S^ the DVD player 1 at 
2 at the step S110 has the same value as the source s.de common sess.on key sk generateo oy h 
the step S6. The fact that sk = sk' is proven by the following: 
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sk' = e (+) G (LK 1 ) (+) pRNG (LK) 

Substituting (. k W pRNG (H)) tor e in the expression on the right hand side ot the above equation yie.ds the following 
is equation: 

sk' = sk (+) pRNG (H) (+) G(LK') (+) pRNG (LK) 

20 Since G(LK') = G( G A - 1 (R)) = R. the lollowing equation is obtained: 

sk' = sk (+) pRNG (H) (+) R (+) pRNG (LK) 

25 substituting ( P RNG (H, (♦> pRNG (LK)) lor R in the expression on the right hand side ol the above equation yie.ds the 
following equation: 
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Sk' = Sk ( + ) pRNG (H) ( + ) pRNG (H) ( + ) pRNG 
(LK) (+) pRNG (LK) 
= Sk 

As described above, the source and sink side common session 
both the DVD piayer 1 and the persona, computer 2 source and a *nk Wjjj^^ Reys LK and 

procedures described previously, it is only an author of information who .s capable ot^ genera i B x 
LK' Thus an attempt made by a source to illegally generate the license keys LK and LK will end ,n 
result, the security of transmitted information can be further improve «■ h . k t0 gener ate 

in the authentication procedures described above, a source BUthent.cates a sink by aHowing tn g 
a sink side common session key sk' having the same value as a ^^^^^^^^J^ ordinary 
the source only » the sink is a valid sink. The procedure can also be pr0 g ra m obtained 

operation to load an application program in the personal computer 2 » P"^^^ „ not Lcution of each 

illegally from being executed. In this case, it is necessary to described so far 

application program is allowed by the author of the P^™ *™«* "J as shown 7n F g 3 To be more specific, in 
whereby the license manager 62 authenticates an applicat.on mod ^„ 6 : e a " 6 S s h ^;^ 0 F u , ? ce J wh erea S the application 
the authentication procedure shown in Fig. 3, the l.cense manager 62 serves as a source wnere 

module 61 is used as a sink. thai is after the sink has generated a sink 

After the authentication process described above has been comt^n* * a l *£™™™ T J d by tne source , 
side common session key sk' having the same .value as JJ^^^£^ k ^ ft V . « 
data or a clear text encrypted by the source by us.ngj an erxiyption toy is ' ^nsmmea describe d above, 
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and the optical magnetic disc apparatus 3 'f^^J^^^^on session key sk' described earlier, and 
key S. that is. the source side common ses " «nl * ^ sessjon key s and key r 

a time variable key i. strictly speaking, a key . lor ge "^^^^^^^/^ The session key S comprises an 
are supplied by the firmware20 or 30 to the 1394 "T^^^ "JJ^ the tima va " ab ' e key ^ 
initial value key Ss used as an initial value ^^^^ a ^ a pr edelermined number of high order bits 
value key Ss and the derangement key S. can ^.^^^Z^ s P BSsio n key sk or the sink side common 
and a predetermined number ol low order ^^^^^^^^g the sink described earlier. The 
session key sk" which has the same value as > sk used n ^e Processof a*h J ^ ^ ^ ^ p , ayback 

session key S is properly updated ,n each session, £ J*^;™^ oeran gement key Si of the sess,on 

operation. On the other hand, the t,rm , vanabie key , which , ge .^.^ ^ predele , 

key Sand the key V is updated a number ol times in a session, ror 

mined timing can be used typically as i the .key _i- as g so(jrce js transmitt ed to the 

Assume that movie data played back and o^P^ylhe dvu p. y « ^ ^ 1 3g4 sena| bus 

optical magnetic disc apparatus 3 and the persona .computer , 394 inte(f y ace unrt 26 employed in the 

1 1 and is then decrypted by the s.nks. In this <^*J^» spe aking. the key r and the encrypted 

session key S to the application module 6 \ a ^^Se l.ey \ to Se 1 394 interlace unit 49 serving as a link 
key i. strictly speaking, the key P for generating the tome to the ffl and the key and 

unit, in the 1 394 interface unit 49. the ^^ B J^^'S^S decrypted by the application module 61 by 
used for decrypting back the encrypted data. The decrypted data is further W ^ g 
using the session key S, strictly speaking, by u«ng. th >n«*l val « wherein the internal bus 51 is designed in 

As described above, in the personal computer 2 having ^^Sa Irtstageolthe decryption on the encrypted 
anarchitectureopentotheuser,the1394inte^ 

data, leaving the data still in an ^ c ^ ed ^ J ^TuT£TorlT^ the dear text. In this way, the persona, 
decryption on the data decrypted by the < 394 . tad tece^un t 49 to prod ce t ^ ^ ^ ^ 

ssr^ srss r sarjts r diri ^ - u Se - . ^ ^ . - 

wherein an internal bus is not open to the user. "J^^-J^^. * uch as the persona, computer 2 with 
a time variable key i, strictly speaking, a key . . n the case ot a PP encrypted data is decrypted by us.ng a 
an architecture wherein an internal bus is open ^^^^^ seS s7on key S and the key r . at a 1st 
time variable key i. which is generated by using ^^^J^ Ss of the session key S at a 2nd stage of 



Dec (Ss, Dec (i, Enc (algo (S + i'), Data))) = Data 



" wh e retheterma,go ( S + i,ap P ear,gonthe,e,th S 

application of a predetermined algorithm to the see. ™ £ andjhe time y ^ Qther Dec 

the notation Dec appearing at the le.t end of the ^^.^^J^h. encryption carried out by the source, 
notation denotes the 1 st stage of decryption and m « ^'^SnrteSac. unit 26 that satisfies the term Enc 

Fig. 11 ^ « block diagram showing a typical co^ 

appearing in the equation given above to represent ^^^^^J B gene rator 71 , an LFSB (Linear Feed- 
interface unit 26. As shown in the figure, the co nf>0"™jon, jj*^ by th e additive generator 71 and 
back Shift Register) 72, a shrink generator 7 and, " ^^^^"irtnk generator 73 selects some pieces 
1 -bit data generated by the LFSR are supplied to the s h ^«^S?e tMto the value of the 1-bit data supplied by the 
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addition ol tho onerypUor, key g.no.attd b, ,h. shrink gensralo. 73 .o In. ck. t.xt. In o,h« words, the orooess 

the initial value key Ss held in the register 82, storing the result of the ■*^'£^^^ le key , outplJ , 

Assume that the number ol bits per word in the register 82 .s 8. In this case, since the time vanaoie Key , ouip 
by th^X 86 !s 32 bits in width, the time variable key i is divided into 4 portions each , comprising 8 b ts. Each of the 
4 portions is then added to a word in the register 82 at a predetermined address that is ^^^^ ^ 

As described above, the initial value key Ss is held initially in the register 82. Each 1.me16 packets o 
text aTe t^smitted thereafter, however, the initial value Ss is updated by adding *«^^iH.^3Z^ two 
An adder 83 selects predetermined two words among the 55 words of ^'^^.^^jS^STe 
words to each other. With timing shown in Fig. 12. words at addresses zs /^ a ^^^ B ^^l 
adder 83 supplies the result of the addition to the shrink generator 73 and a word ir , the eg.ster 82. W,t .the tjn.ng 
shown in Fig .12, the adder 83 supplies the result of the addition to the word of the register 82 at an address 

53 Z 22 bet TshLd in the upward direction shown in the figure by 1 word. By the same token, the de^ at.on of 
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C F r?3°"s a bSk diagram showing a typical configuration of the LFSR 72. As shown in the figure, the LPS* i72 

comp Ls an ^K^SSr 101 and anadder 102 for summing up the values of •J^j^^f £J 

among the n Me. A bit resulting from the addhion by the adder 102 is si ored in the left nx* tbj K n " 

reoister 101 shown in the figure and, at the same time, the previous value of the bit b is shifted to a tan d , on 

fahrhand side oHhe bit b n . By the same token, the bit shifting to the right is applied to the previous values of bite b . 
nght tend «de the , „ y ^ ^ ^ ^ ^ ^ ^ ^ ^ b 

Resulting f on! ^ S L by the adder 102 is again stored in the left most bit b n of the n-bit shift register 01 and a 
Z ame Z, the previous'value of the bit b n is again shifted to a bit b n , on the righf : h« side of the b^ b By h 
same token, the bit shifting to the right is gain applied to the previous values o b«.v £ *V fj£° *™ 
previous value of the right most bit b, is again output. These operations are carried out repeatedly, sequentiai.y o 
putting bits from the right most bit fa, one bit after another. 

Fin 1 3 is a diaaram showing a typical configuration of the LFSR 72 in general terms. On the other hand. F.g_l 4 

judp£g unTs pas'ses'on m-brt da?a supplied by the adder 83 employed in the additive generator 71 to the FIFO unrt 
92 to be held therein as it is when the LFSR 72 outputs a bit having the logic value "1 . When , ,he *^ °*P£* 
bit havinc the loqic value "0", on the other hand, the condition judging unit 91 does not pass on m-bri data suppl ed by 
ridS 83 Soyed in the additive generator 71 to the FIFO unrt 92, suspending ^J^^^J^ 
way. the condition judging unit 91 employed in the shrink generator 73 selects only piece >o ' J^ rt f^.^^^ 
generated by the additrve generator 71 while the LFSR 72 is outputt.ng a bit w,th the logic value 1 and stores 
selected piece of m-bit data in the FIFO unit 92 of the generator 73. Qene ratina 
Each oiece of m-bit data held in the FIFO unit 92 is supplied as an encryption key to the adder 74 for jPr»"V"0 
an encCted t^ by adding the encryption key to data representing a clear text to be transmitted to a s.nk. that ,s. data 

P ' ay T d netnc!^ Tom the DVD player 1 to the optica, magnet* disc apparatus 3 and the 
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personal computer 2 by way ol the 1394 serial bus 11 . in , er1a ce unit 36 employed in the optical magnetic 

Fig. 1 5 is a diagram showing a typical ^ u ^^^7^£« 1 by way ol the 1 394 serial bus 11 . 
disc apparatus 3 lor decrypting the encrypted data receded from th DVC M>laye y y ^ s ^ ^ 

As shown in the figure, much like the 1394 . * ^^^^^S^i 172. * shrink generator 173 
figuration comprises an additive generator 171 , an '-FSR ^ ^^^^ ■) -bit data generated by the LFSR 1 72 
and a subtractor 174. m-bit data generated by the pieces of m-bit data receded from 

are supplied to the shrink generator 173. The shnnk generator 73 selects some P r ^ ^ ^ 

the additive generator 171 in accordance w.th the va ue o e j « ££££ & J btracts the m . bit decrypti on key 
selected m-bit data to the subtractor 174 as a decryption _ toy The. ubt «J^ 4 ^ (rom tne DVD p , a yer 1 by 
received from the shrink generator 173 from an encrypted I text thai * , m Mdau^ 

way of the 1394 serial bus 11, to decrypt the encrypted I text b * k a J t ^^X DVD playe r 1 shown in Fig. 15 is 
It is obvious that the configuration of the 1394 interface un.t 36 emptoyed J" ™ " p ^ atus 3 shown , n 
basicaily identica. with that of the 1394 interf ace un » » "fj^^^^Ti m£lA of the latter. 
Fig. 11 except that the subtractor 174 employed by the tonne ■» used as a subsiit ^ ^ ^ g 

Fig. 16 is a diagram showing a detailed configuration <JJ^ 1 ^ f B ^j2ace unit 36 employed in the DVD 
simple and plain manner. It is also obvious that ^^^^^TJlS^ptayrt in the optical magnetic 
player 1 shown in Fig. 16 is basically ident.ca wrth tha of the ^Jjace unrt 2 p y ^ g ^ 

disc apparatus 3 shown in Fig. 12 except that ^^^^^^^m,, 173, an adder 181, a register 
the adder 74 o1 the latter. An additrve generator 171, an .^^Z 2 .™^ judging unit 191 and a FIFO unit 192 
182. an adder 183, a register 184, a register 185. an adder 186. a '^ d9 ^ Fj 16 corresp0 nd to the 

emp.oyed in the 1394 interlace unit 36 «*«^ fe 9 E 82, the adder 83, the register 

additive generator 71 . the LFSR 72. the shnnk generate* 73 the ujd er BJ th 9 ^ the 3g4 jnter1ace unit 

84 the reaister 85. the adder 86, the condition judging un.t 91 and a Fll-o unn » h 
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84, the register 85, the 

26 of the DVD player 1 shown in Fig. 12 respectively. magnetic disc apparatus 3 shown 

Thus, since the operation of the ^^^^^^^SZ DVD player 1 shown in Fig. 12. its 
in Fig. 1 6 is basicaHy the same as that o, ^J^^^Z^J^ from the" latter in that, in the case 
explanation is not repeated. It should be noted, however. kev^ceived from the FIFO unit 192 employed in the 

serial bus 11 . to decrypt the encrypted text into the clear JlMt tus 3 encrypte d data is decrypted only 

key S at a 2nd stage of decryption. in ierface unit 49 employed in the personal computer 

Fig. I7isadiagramshowingatypicalconfigurationof the 1394 "^JJ^ J, wayo f the 1394 serial bus 

2 for decrypting the encrypted data or the - c ^ d ^ the optical magnetic 

1 1 by means of hardware. As shown in the f|9«re. muc like ' \ he ^f lhe DVD £ layer , shown In Rg.11. the 

disc apparatus 3 shown in FigJ 6 and ^^J^^^S^i Register) 272. a shrink generator 
configuration comprises an add.trve generator 271 , an ^r^nearr Fee dback Shift Register) 

273 and a subtractor 274 whfch correspond s^^ely The key P for generating the time 

172, the shrink generator 173 and the subtractor 174 shown in Fig • 15 r ^P ec J£J var J b|e k , inpul to the 1 394 
variable key i and the derangement key Si of the •^^^^^T ttie derangement key Si input to 

simple and plain manner. It is also obvious that the configurator , of ^^TM^ptoyeL the DVD player 
computer 2 shown in Fig. 18 is basically identical with tha ^of \ he ^^^^^ app Ltus 3 shown in Fig. 16 
1 shown in Fig. 12 and the 1394 interface unrt ^"^^J^^J^S^ ol the initial value key Ss of the 
except that, in the case of the 1394 interlace unit 49 shown jn Fig. 18 o ^ ce ^ decryption key is generated 

session key S input to the 1 394 unit 49 shown ,n Fig. 17 are reset tc £ in ™ as „ the jnitial value 



so sim 
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an encrypted state. Thus, data resulting from the decryption can not be used as it is even it ihe data is copied Irom the 
internal bus 51 10 a hard disc mounted on the hard disc drive 47 or another recording mediurn. ...... 

Then, the data or the text decrypted by hardware in the 1349 interface unit 49 by using the tone variable <ey . is 
lurther decrypted by software in the application module 61 . Fig. 1 9 is a diagram showing a typical configuration of the 
5 application module 61. Basically resembling the 1394 interface unit 26 employed in the DVD ^« ' 

11 the 1 394 interlace unit 36 employed in the optical magnetic disc apparatus 3 shown in F.g.1 5 and the 1 394 interface 
unit 49 employed in the personal computer 2 shown in Fig. 17. the application module 61 ^ " 1 » comprises 
an additive generator 371. an LFSR (Linear Feedback Shift Register) 372. a shrink generator 373 and a ' 
374 which have configurations identical with the additrve generator 171, the LFSR (Linear Feedback Shift Register) 
10 172, the shrink generator 173 and the subtractor 174 shown in Fig. 15 respectively. annliratirin 
It should be noted, however, that while the initial value key Ss of the sess.on key S is supplied to the application 
module 61 as is the case with the 1 394 interface unit 26 employed in the DVD player 1 shown in Fig. 11 and the 1 394 
interface unit 36 employed in the optical magnetic disc apparatus 3 shown in Fig.1 5, the de rangemen t key Sh of the 
session key S for deranging the time variable key i and the key r are each a un.t element will all bits thereof reset to 0. 
is Fig. 20 is a diagram showing a detailed configuration of the application module 61 which .s shown in i Fig. 1 9 in a 

simple and plain manner. It is also obvious that the configuration of the application module 61 » basically identical wrth 
that'of the 1394 interface unit 26 employed in the DVD player 1 shown in Fig. 12, the 1 39 -itrt.<»unrt 36 em toyed 
in the optical magnetic disc apparatus 3 shown in Fig. 16 and the 1394 interface unrt 49 employed lit the persona, 
computer 1 shown in Fig. 18. Components employed in the application module 61 shown ,n deta.l .n Rg^O from the 
20 adder 381 employed in the additive generator 371 to the FIFO unrt 392 employed in the ^^^^^T 
spond to the components employed in the 1394 interface unit 36 shown in Fig. 16, Irom the adder 181 employed n 
the additive generator 171 to the FIFO unit 192 employed in the shrink generator 173 respectrvefy. Since , .the ^ brts 
of the key i' held in a register 384 and the derangement key Si held in a register 385 are 0, however, the bite ofthe 
time variable key i generated by the adder 386 are all 0. As a result, the application module 61 in essence operates 
ss as if the time variable key i were not present. That is to say, the generation ol a decryption key » based only on the 
initial value key Ss. Then, a subtractor 374 decrypts the encrypted data or by using the decrypts key generated .n 
this way to produce a clear text. As described above, the encrypted data is a result of the decryption earned out by the 
1394 interface unit 49 based on the time variable key i, which is generated from the key I" and the derangement key 
Si at the so called 1st stage of decryption. On the other hand, the decryption carried out by the application module 61 
30 based on the initial value key Ss is called a 2nd stage of decryption for producing a final completely clear wxt 

When the decryption of the encrypted text described above is completed at the optical magnetic disc 3, the CPU 
31 supplies the decrypted data to the drive 35 for recording the data onto an optical magnetic disc 

ln1hepersonalcom P uter2,ontheotherhand,theCPU41 supplies the decrypted data resuft.ng from the 1st stage 
of decryption carried out by the 1 394 interface unit 49 typically to the hard disc drive 47 for reccing the data , by way. 
35 of the internal bus 51 . It should be noted that, in the personal computer 2. 

to the input/output interface unit 44 as the expansion board 48 for monitoring data transmitted through the internal bus 
51 as described earlier. Nevertheless, it is only the application module 61 that is capable of finally decrypting data 
transmitted through the internal bus 51 . Thus, even if the expansion board 48 is capable of 

resulting from the decryption carried out by the 1394 interface unit 49 based on the time variable key .. the eneryp ted 

40 data is not the completely clear text because the data has not been decrypted by the application module 61 1 by us ng 
the initial value key Ss of the session key S. As a result, it is possible to prevent a completely clear text from b ng 
copied illegally provided that the completely clear text resulting from the final decryption earned out by the application 
module 61 is never transmitted through the internal bus 51 . 

Typically, adoption of the Diftie - Hellman technique allows the session key S to be shared by a source and sink* 

45 It is worth noting that there are cases in which the 1 394 interface unit 49 or the application module 61 employed 

in the personal computer 2 has a relatively low processing power so that it is not capable of carrying out decryption of 
data. In order to cope with such a problem, either of the initial value key Ss of the session key 3 and the time variable 
key i or both can be generated in the source as a unit element. By the same token, by using either or both of the keys 
as a unit element in the sink, data can virtually be transmitted from the source to the sink without using the initial value 

so key Ss of the session key S and the time variable key i. With such a scheme, however, it is more qurte within the bounds 
of possibility that the data is copied illegally. „• .,„ m H.™niinn 

If the application module 61 itself is an illegal copy, it is much to be feared thai the clear text resulting from decrypt.cn 
carried out by the application module 61 will also be copied illegally. In order to solve this problem, the license manager 
62 may authenticate the application module 61 prior to decryption as described earlier. 

ss As a method for authenticating the application module 61 , a digital signature based on a disclosed encryption key 

encryption method can be adopted in addition to the common session key encryption/decryption technique described 

The configurations shown in Figs. 11 , 12 and 15 to 20 satisfy a homomorphism relation. Thai is to say, if keys K n 
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and K 2 are elements ol a Galois field G, a group processing result K, • K 2 of the two elements is also an element of 
the Galois field G. In addition, with respect to a predetermined function H, the following equat.on holds true. 

H (K., • K 2 ) = H(K 1 ) • H(K 2 ) 



Fig 21 is a diagram showing another typical detailed configuration of the 1 394 interface unit 26 employed in the 
DVD player 1 . As shown in the figure, the initial value key Ss of the session key S is supplied to LFSRs 501 to 503 to 
be set therein as initial values. The widths of the LFSRs 501 to 503 are n, to n 3 bits respectively which are of the order 
jo of 20 bits The LFSRs 501 are 503 are designed so that their widths n, to n 3 form an element in conjunction with each 
other That is to say, for example, the high order bits, the intermediate order n2 bits and the low order n 3 bits of the 
initial value key Ss of the session key S are set in the LFSRs 501, 502 and 503 respectively each as an initial value 

When an enable signal with the logic value 1 is supplied to the LFSRs 501 to 503 from a clocking function unit 
506, the LFSRs 501 to 503 each shift the contents thereof by m bits, outputting m-bit data. The value of m can be sei 
is typically at 8, 16, 32 or 40. 

The data output by the LFSR 501 is added to the data output by ihe LFSR 502 by an adder 504. A carry o he 
result of the addition carried out by the adder 504 is supplied to the clocking function unit 506 and the result of the 
addition itself is added to the data output by the LFSR 503 by an adder 505. A carry of the result of the addition carried 
out by the adder 504 is also supplied to the clocking function unit 506 and the result of the addition itself is supplied 
20 to an exclusive logical sum computing circuit 508. 

The combination of the carries supplied by the adders 504 and 505 to the clocking function unit 506 
01 10 or 11 The clocking function unit 506 outputs data representing one of combinations 000 to 111 to the LFSRs 
501 to 503 in accordance with the combination of the carries received from the adders 504 and 505. As described 
above when the enable signal with the logic value 1 is supplied to the LFSRs 501 to 503 from the clocking function 
2S unit 506 the LFSRs 501 to 503 each shift the contents thereof by m bits, outputting new m-bit data. When the enable 
signal with the logic value 0 is supplied to the LFSRs 501 to 503 from the clocking function unit 506, on the other hand, 
the LFSRs 501 to 503 do not shift the contents thereof, outputting the same m-bfi data as the data output right before^ 
The exclusive logical sum computing circuit 508 receives the result of addition carried out by the adder 505 and 
the time variable key i stored in the register 507, calculating an exclusive logical sum of the inputs. An exclusive logical 
ao sum computing circuit 509 calculates another exclusive logical sum of the exclusive logical sum output by the exclusive 
logical sum computing circuit 508 and an input clear text, outputting the other exclusive logical sum as an encrypted text. 

Fig 22 is a diagram showing another typical detailed configuration of the 1 394 interface unit 36 employed in the 
optical magnetic disc apparatus 3. As shown in the figure, all components employed in the 1 394 interface unit 36, from 
an LFSR 601 to an exclusive logical sum computing circuit 509, have the same configurations as the corresponding 
35 components employed in the 1 394 interface unit 26 shown in Fig. 21 . from the LFSR 501 to Ihe exclusive logical sum 
computing circuit 509. Thus, since their operations are basically also the same, the explanation of their operations is 
not repeated The only difference between the 1 394 interface unit 36 employed in the optical magnetic disc apparatus 
3 shown in Fig. 22 and the 1 394 interface unit 26 employed in the DVD player 1 shown in Fig. 21 is that the exclusive 
logical sum computing circuit 609 employed in the former decrypts an encrypted text while the exclusive logical sum 
40 computing circuit 509 employed in the latter encrypts a clear text. _ 

Fig 23 is a diagram showing another typical detailed configuration of the 1 394 interface unit 49 employed in the 
personal computer 2. As shown in the figure, all components employed in the 1394 interface unit 49, from an LFSR 
701 to an exclusive logical sum computing circuit 709, have the same configurations as the corresponding components 
employed in the 1394 interface unit 36 shown in Fig. 22, from the LFSR 601 to the exclusive logical sum computing 
45 circuit 609 The only difference between the 1 394 interface unit 36 employed in the oplical magnetic disc apparatus 3 
shown in Fig. 22 and the 1 394 interface unit 49 employed in the personal computer 2 shown in Fig. 23 is that the initial 
value key Ss of the session key S supplied to the LFSRs 701 to 703 employed in the latter is a unit element will all bits 
thereof reset to 0. Thus, in the case of the 1394 interface unit 49 employed in the personal computer 2 shown in Fig. 
23, the decryption of an encrypted text is in essence based only on the time variable key i in the register 707 which is 
50 generated from the key i' and the derangement key Si of the session key S. 

Fig 24 is a diagram showing another typical detailed configuration of the application module 61 of the personal 
computer 2 As shown in the figure, all components employed in the application module 61 , from an LFSR 801 to an 
exclusive logical sum computing circuit 809, have the same configurations as the corresponding components employed 
in the 1 394 interface unit 36 shown in Fig. 22, Irom the LFSR 601 to the exclusive logical sum computing circuit 609. 
ss The only difference between the 1 394 interface unit 36 employed in the optical magnetic disc apparatus 3 shown in 
Fig 22 and the application module 61 of the personal computer 2 shown in Fig. 24 is that the time variable key i supplied 
to the register 807 employed in the latter is a unit element will all bits thereof reset to 0. Thus, in the case of the 
application module 61 employed in the personal computer 2 shown in Fig. 24. the decryption of encrypted data is in 
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essence based only on the initial value key Ss of the session key S. 

It should be noted that the decryption processing in each of the configurations shown in F.gs. 19. 20 and 24 is 

carried out by the application module 61 which is typically implemented by sottware. 

By the way a license key can be changed or updated, if necessary, should the license key be stolen for some 
5 reasons by any chance. It is needless to say that a license key can also be changed once a predeterm.ned period of 

time even if the license key is not stolen should it be quite within the bounds of possibility that the license key is stolen. 

In this case, the version of a license key representing the term of validity is recorded on a DVD. In the case of the 

present embodiment, the term of validity of a license key is represented by the number of times the hash function is 

to be applied to generate the license key. If an information receiving apparatus for receiving information transmitted 
io through a satellite instead of information played back from a DVD player is an object being operated, only information 

of a valid version is transmitted to the information receiving apparatus by way of the satellite. 

Figs 25 and 26 are diagrams showing an embodiment implementing a procedure for generating a source side 

common session key sk in the DVD player 1 and a sink side common session key sk' in the personal computer 2 by 

using an updated license key. It should be noted that, in addition to the fact that various pieces of information are stored 
is in the EEPROM unit 27 employed in the DVD player 1 and the EEPROM unit 50 employed in the personal computer 

2 of the embodiment shown in Fig. 4. the hash function is also stored not only in the EEPROM unit 26, but also in the 

EEPROM unil 50 in the case of the present embodiment. 

As shown in Fig. 25. the procedure begins with a step S1 51 at which the DVD player 1 serving as a source makes 

a request to the personal computer 2 serving as a sink for the ID thereof. Then, the procedure goes on to a step SI 52 
20 at which the personal computer 2 receives the request for the ID. The procedure then proceeds to a step S153 a which 

the personal computer 2 transmits the ID to the DVD player 1 . Then, the procedure continues to a step S154 at which 

the DVD player 1 receives the ID. j , „ 

Subsequently, the procedure goes on to a step 81 55 at which the DVD player 1 concatenates the ID received from 

the personal computer 2 with a service key stored in the EEPROM unit 27 to form data (ID | service.key). Then, a 
ss license key Ik is computed by applying the hash function to the data (ID || service_key) as shown in the following 

equation: 

Ik = hash (ID || service_key) 

30 . . 

The pieces of processing performed at the steps 81 51 to 81 55 as described above are the same as those carried 
out at the steps S1 to S5 of the procedure shown in Fig.4. 

The procedure then goes on to a step S156 at which the DVD player 1 forms a judgment as to whether or not the 
license key Ik generated at the step S155 has a valid version, that is, whether or not the license key Ik has been 

35 generated by applying the hash function a number of times equal to a predetermined value recorded on the DVD. as 
described above, the present valid version of a license key Ik is recorded as the predetermined value representing he 
number of times the hash function is to be applied to generate the license key Ik. Assume that the predeterm.ned value 
recorded on the DVD is greater than one. Since the number of times the hash function has been applied to generate 
the license key Ik at the step S155 is 1 , the license key Ik is judged to be invalid. In this case the procedure proceeds 

40 to a step S1 57 at which the DVD player 1 initializes a variable g indicating the number of times the hash function has 
been applied to generate the license key Ik at 1 and stores the generated license key Ik in a var.able Ik, Then, the 
procedure continues to a step S15B at which the hash function is applied to the contents of the variable Ik, to find a 
new license key lk g+1 according to the following equation: 



45 



so 



ss 



Ik A = hash (Ik ) 



Subsequently, the procedure goes on to a step S1 59 to form a judgment as to whether or not the license key kg , 
generated at the step S158 has a valid version. If the license key lkg+1 does not have a valid version, that is. if the 
variable g has not reached the predetermined value in the case of the present embodiment, the procedure proceeds 
to a step S160 at which the DVD player 1 increments the value of the variable g by 1 and stores lkg +1 in the variable 
H The procedure then returns to the step SI 58 at which the hash funclion is again applied to the contents of the 



variable Ik . 

The steps S1 58 and S1 59 are executed repeatedly till the value of the variable g. that is, the number of times the 
hash function has been applied to generate the license key, reaches the predetermined value recorded on the DVD 
as a version of the license key. 

It should be noted that the predetermined value serving as an upper limit of the number of times the hash function 
can be applied to generate the license key is set typically at 100. 
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It the outcome of the judgment formed at the step S159 indicates that the number ot times the hash tunct.on has 
been applied to generate the license key has reached the predetermined value recorded on the DVD as^a version of 
the license key, thai is, il the outcome ot the judgment indicates that a valid license key lkg +1 has been obtained at the 
step S158. or if the outcome of the judgment formed at the step S156 indicates that the license key Ik generated at 
the step S155 is valid, that is. if the number of times the hash function is 1o be applied to generate the license key is 
1, on the other hand, the procedure proceeds to a step S161 at which the DVD player 1 generates a source side 
common session key sk in the same way as the procedure of Fig. 4 described earlier. 

Then the procedure continues to a step SI 62 at which the DVD player 1 encrypts the source side common session 
key sk generated at the step S1 61 by using the license key 1kg computed at the step S1 55 or S1 58 as a key to produce 
an encrypted source side common session key e in accordance with the following equation: 



e = Enc (lk g , sk) 



Subsequently, the procedure goes on to a step S163 at which the DVD player i transmits the encrypted source 
side common session key e generated at the step S162 along with the value of the variable g indicating the number 
of times the hash function has been applied to generate the license key lkg to the personal computer 2. The procedure 
then proceeds to a step S164 at which the personal computer 2 receives the encrypted source side common session 
key e and the value of the variable g. Then, the procedure proceeds to a step Si 65 at which the personal computer 2 
initializes a variable w representing the number of times the hash function has been applied to generate a license key 
in the personal computer 2 at 1 . The procedure then continues to a step S1 66 to form a judgment as 10 whether or not 
the value of ihe variable g received at the slep S164 is equal to the value of the variable w set at the step 1 316S .It they 
are not equal to each other, the procedure goes on to a step S167 at which the hash function stored in the EEPROM 
unit 50 employed in the personal computer 2 is applied to license_key w , the license key also stored in the EEPBOM 
unit 50, to generate license_key w+1 . a new license key in accordance with the following equation: 

lteense_key w+1 = hash (license_key w ) 

Then the procedure continues to a step S168 at which the personal computer 2 increments the variable w by 1 
and substitutes license_key w+1 for license_key w . The procedure then returns to the step SI 66 to again form a judgment 
as to whether or not the value of the variable g is equal to the value of the variable w. The steps 81 66 to S16B are 
executed repeatedly till the value of the variable w representing the number of timesthe hash function has been applied 
to generate the license key becomes equal to the value of the variable g. 

II the outcome of the judgment formed at the step S166 indicates the value of the variable w is equal to the value 
of the variable g, that is, if currently valid license_key w has been obtained, the procedure goes on to a step S169 at 
which Ihe personal computer 2 decrypts the encrypted source side common session key e to produce a sink side 
common session key sk' in accordance with the following equation: 

sk' = Dec (license_key w , e) 

By appropriately repeating the application of the hash function to generate the license key as described above, 
the information security can be further enhanced. 

According to the procedure shown in Figs. 25 and 26, the value of the variable g representing the version of a 
license key is transmitted by the source to the sink. It should be noted, however, that the application of the hash function 
to generate the license key can be repeated as many times as is required without the need to transmit the version as 
is the case with an embodiment implementing a procedure shown in Fig. 25 and continued to Fig. 27 instead of Fig 26. 

That is to say in the case of this embodiment, only the encrypted source side common session key e is transmitted 
by the DVD player 1 to the personal computer 2 at the step S163. At lhat time, the value of the variable g representing 
the version of a license key is not transmitted. The procedure then proceeds to a step S164 at which the Personal 
computer 2 receives the encrypted source side common session key e. Then, the procedure goes on to a step si 65 
at which the personal computer 2 decrypts the encrypted source side common session key e to produce a sink side 
common session key sk' using the license_key stored in the EE PROM unit 50 in accordance with the following equation: 

sk" = Dec (license_key, e) 
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I n the mean time. a. a step SI 66. the DVD player 1 encrypts data to be transmitted to the PJ^^^ 2 * 
usino amona other keys the source side common session key sk generated at the step SI 61 and transmits tne 
ZwZ tea TtoTcwputo 2. The procedure then goes on to a step S167 a, which the persona, computer 2 
"ceShetn^pted data' and then to a step S1 68 to decrypt the encrypted data by ^«^S"elT^ 
sink side common session key sk' generated at the step S1 65. Then, the procedure proceeds to a step S169 at which 
^rsona^mputer 2 forms a judgment as to whether or not data resulting from the decrypt™ earned out at the 
steo I 6bTs corT£f For example data received as a TS (Transport Stream) packet of the MPEG system has a code 
SSSZ^^^Z^ value of 47 in the head of the packet, in this case, the Judgment as to whether 
or not data is correct can be formed by checking whether or not th e syn chromz ation cod s p rtect 

If correct decrypted data was not resulted in at the step S168. the procedure goes on to a step S170 at wh.ch the 
personal computer 2 updates the license key in accordance with the following equation: 



2S 



30 



35 



45 



50 



license_key = hash (licensejcey) 



Then the procedure proceeds to a step S1 71 at which the personal computer 2 aga.n decrypts Jhe encjyptj 
source side common session key e recerved at the step S164 to produce a new sink side common session key sk 
using the updated license key generated at the step S170 in accordance wrth the following equat,on. 



2" sk- = Dec (license_key, e) 



Subsequently, the procedure returns to the step S168 to again decrypt the *" 
8167 by using, among other keys, the sink side common session key sk' 9«" erate t d a f S *f h P e f r l s u ^ ° 
cedure process to a step S 1 69 at which the personal computer 2 forms a judgrne^ 

from the decryption carried out at the step S168 is correct. As such, the steps S170, S1 71 S16Band S169 ^re execme 
repeatedly till the outcome of the judgment formed at the step S169 indicates that correct decrypted data was obtained 
at the step S168. 

I n this way. the license key is updated to produce correct encrypted data. 

As indicated by the procedure described above, in the source, the source side common session key sk has to be 
genera ted be ore d'ata to'be transmitted to the sink is encrypted by using the source side «^ •^^ont £ 
fhe sink on the other hand, the decryption of the encrypted data received from the source needs to be synchronized 
wrthme decryption o the encrypted source side common session key e received from the source. To be more specific 
ffp^SKJik-dTL not go on from the step S165 to decrypt the encrypted ^^^^ 
key e to the step S168 to decrypt the decrypted data till the step S167 to receive the encrypted data is comp eted. 

" fn addftion.the decryption of an encrypted source side common session key e and » ^S^^SSS 
bythe sinkmust be synchronized with the encryption ^^^^ eo ^^ m ^^ a ^^ 1 ^ 
bv the source That is 1o say, a decryption key generated by the components composing the 1394 interface unit * 
magnetic disTapparatus 3 shown in Fig. 22. from the LFSR 601 to ^"^^J 1 ™ 
computing circuit 608. has to correspond to an encryption key generated by the components oor^r^fh.13M 
inteTace uni 26 employed in the DVD player 1 shown in Fig. 21. from the LFSR 501 to the exclusive logical sum 
orn^ 

of a clear text by using the encryption key. As described above, the encryption key has thus to be generated i by tne 
1394 nirtaceunr^ shown in Fig. 21 in synchronization with (that is. prior to) the encryption of the input clear ext 
an 1 TZX Sy ^therefore be generated by the 1 394 interface unrt 36 ^^^^^ 
with (that is. prior to) the decryption of the received encrypted text even though the synchronization is not explicitly 

^Tccord'gry'ifTbins missing for some reasons from a packet composing an encrypted text transmitted from a 

source to a 2 by way of the 1394 serial bus 11. a phase representing a timing relation between a clear text and an 

en ^t o "y Source can not be sustained as a phase representing a timing Nation be = 

and a decryption key in the sink. However, this problem can be solved by updating or ™nit»l«inG , the J«™l« 

senting a timing relation between an encrypted text and a decryption key .n the s.nk periodically. F.g. 28 is a diagram 

IhoSg a tyS configuration of an embodiment implementing a source/sink system ^^^ c ^ 9 ,hC 

chase representing a timing relation between an encrypted text and a decryption key in the sink penodically. 

P A Vsh?wnTn th 9 e flgurjn the source, an exclusive logical sum computing , circuit 901 cornpules .an exclusive , 

sum Ci of a random number generated by a random number generator 903 and an input clear text and W» s ^* 

exclusive logical sum Ci to an exclusive logical sum computing circuit 904 and a process ,ng . ci curt 902 whwh also 

receives the initial value key Ss of a session key S. The processing circuit 902 carries out predetermined processing 
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on the initial value key Ss of the session key S and the exclusive logical sum Ci output by the exclusive logical sum 
computing circuit 901 , outputting a result Vi of the processing to the random number generator 903 as an initial value. 

The exclusive logical sum computing circuit 904 computes the exclusive logical sum of the exclusive logical sum 
Ci generated by the exclusive logical sum computing circuit 901 and a time variable key i to generate an encrypted 
text which is transmitted to the sink through the 1 394 serial bus 11 . 

The sink carries out operations in the reversed order of those performed by the source. To be more specific, an 
exclusive logical sum computing circuit 911 computes an exclusive logical sum Ci of the encrypted text received from 
the source through the 1394 serial bus 11 and the time variable key i, outputting the exclusive logical sum Ci to an 
exclusive logical sum computing circuit 912 and a processing circuit 913 which also receives the initial value key Ss 
of the session key S. The processing circuit 913 carries out predetermined processing on the initial value key Ss of 
the session key S and the exclusive logical sum Ci output by the exclusive logical sum computing circuit 911 , outputting 
a processing result Vi to a random number generator 914. The random number generator 914 generates a random 
number with the processing result Vi from the processing circuit 913 used as an initial value. The exclusive logical sum 
computing circuit 91 2 computes a final exclusive logical sum of the random number generated by the random number 
generator 91 4 and the exclusive logical sum Ci generated by the exclusive logical sum computing circuit 911 , outputting 
the final exclusive logical sum as a clear text. 

Fig 29 is a diagram showing a typical configuration of the random number generator 903. As shown in the figure, 
the random number generators 903 comprises components, from an LFSR 931 to a clocking function unit 936. Each 
of the components shown in the figure has a function identical with the corresponding LFSR 501 etc. t the adder 504 
etc. or the clock functioning unit 506 etc. of the embodiments shown in Figs. 21 to 24. 

It should be noted that the random number generator 914 has the same configuration as the random number 
generator 903 shown in Fig. 29. Therefore, it is not necessary to show the configuration of lormer in a separate figure. 

Fig. 30 shows a flowchart representing operations carried out by each of the processing circuits 902 and 913 on 
the source and sink sides respectively. 

The operations are explained by referring to the flowchart shown in Fig. 30 as follows. 

The processing circuit 902 on the source side has a function f expressed by an equation given below to compute 
a value Vi from an input Ci supplied thereto by the exclusive logical sum computing circuit 901 and the initial value key 
Ss of a session key S. 

Vi = f (Ss, Ci) 

As shown in the figure, the flowchart begins with a step S201 at which the processing circuit 902 uses the value 
0 as an initial value of the input Ci to compute a value Vi = f (Ss, Ci) as follows: 

V 0 =f(Ss,0) 

The operational flow then goes on to a step S202 at which the value V 0 computed at the step S201 is supplied to 
the random number generator 903 shown in Fig. 29. In the random number generator 903, the value V 0 output by the 
processing circuit 902 is supplied to the LFSR 931 to 933 as an initial value. By using the same technique as the 1 394 
interface unit 26 shown in Fig. 21 and the other embodiments shown in Figs. 22 to 24, a random number is generated 
and output by the adder 935 employed in the random number generator 903 to the exclusive logical sum computing 
circuit 901 shown in Fig. 28. The exclusive logical sum computing circuit 901 computes an exclusive logical sum Ci of 
the random number generated by the random number generator 903 and an input clear text, outputting the exclusive 
logical sum Ci back to the processing circuit 902. 

In the mean time, the operational flow shown in Fig. 30 proceeds to a step S203 at which the processing circuit 
902 sets a variable i at 1. The operational flow then continues to a step S204 at which the exclusive logical sum Ci 
received from the exclusive logical sum computing circuit 901 is stored in a variable C. 

Then, the operational flow goes on to a step S205 at which the processing circuit 902 carries out processing in 
accordance with the following equation: 



Vi = f (Ss, Ci) + V, 



where Ci is the contents of the variable C. 

Since the value of the variable i is 1 at the present time, the above equation can be rewritten as follows: 
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V1 =f (Ss.C,)* V 0 

where V ft is a value computed at the step S201 . . 

5 Subsequently, the operational procedure goes on to a step S206 at which the processing circuit 902l«n«a 

judgment as to whether or not the contents of the variable C. that is. C, in this case, are equal to a predetermined 
value T set in advance. In the mean time, the exclusive togical sum computing circuit 901 outp uts °^r excU.s ve 
logical sum Ci to the processing circuit 902. It the exclusive logical sum Ci is 1ound unequal to the valueTa the step 
S206 the operational flow proceeds to a step S207 at which the contents of the variable i are incremented by 1 before 

to returning to the step S204 at which the olher exclusive logical sum Ci received from the exclusive logical sum computing 
circuit 901 that is Co since i = 2, is stored in the variable C. . 

Then, 'the operational flow goes on to the step S205 at which the processing circuit 902 carr.es out process** m 
accordance with the lollowing equation: 



is 



'2 



where V1 is a value computed at the step S205 in the immediately previous itwation. 

Subsequently, the operational procedure goes on to the step S206 at which the processing circuit 902 forms ; a 

20 judgment as to whether or not the input exclusive logical sum Ci, that is. C 2 in this case. ,s ^^^^2 
value T. If the input exclusive logical sum Ci is found unequal to the value T. the operational tic* ' P™«*» ° J»« £ 
S207 at which the contents of the variable i are incremented by 1 before returning to the step S204 In this way, the 
steps S204 to S207 are executed repeatedly till the input exclusive logical sum Ci becomes equal to the value T 
P |f the input exclusive logical sum Ci is found equal to the value T at the step S206. °n the other hand.^ the ope ationa, 

*5 flow proceeds to the step S20B at which the value V, (that is. V, in this case) computed at « h » rt »P °"^J £ 
the random number generator 903 as the value V 0 computed at the step S201 was output to the random , numbe 
generator 903 at the step S202. In the random number generator 903, the value V1 output by the process rig , c.rcurt 
902 is supplied to the LFSR 931 to 933 as an initial value. A random number for the mrt.al value is generated and 
output by me adder 935 employed in the random number generator 903 to the exclusive logical sum computing cjcu.t 

so 901 shown in Fig. 28. The exclusKre logical sum computing circuit 901 computes an exclusive logical sum C. of the 
random number generated by the random number generator 903and an input cleartext. outputt.ngthe exclusive logical 

""I n ^ meaS°^r p^Sg circuit 902 outputs the value V, at the step S208 to the random number 
generator 903. the operational flow shown in Fig. 30 returns to the step S203 at which the processing c.rcurt 902 resets 

35 the variable i at 1. Thereafter, the steps S203toS208 are executed repeatedly. 

Assume that the value T is 8 bits in width and the generation probability of the value of C, is un ^Jn«™ 
the probability of the Ci value's being equal toT is 1/256 where 256 is the eighth power of 2. That .s to say. the generation 
of the exclusive logical sum Ci having a value equal to T occurs at a rate of once per 256 sequential 
out by the exclusive logical sum computing circuit 901 to generate the exclusive logical sum C. As a resuH the ^.nrt.al 

40 value used in the random number generator 903 for generating a random number .s updated at a rate of <^P™*** 
sequential operations carried out by the exclusive logical sum computing circuit 901 to generate the exclus.ve logical 

SUm Th'e exclusive logical sum Ci output by the exclusive logical sum computing circuit 901 is also supplied I to the 
exclusive logical sum computing circuit 904 for computing the exclusive logical sum of the exclusive logical sum Ci 

46 and the time variable key i. The exclusive logical sum computed by the exclusive logical sum computing circuit 904 is 
output to the 1 394 serial bus 11 as an encrypted text. ... =„,.„,„t 0 r. 

In the sink, the exclusive logical sum computing circuit 911 computes an exclusive logical sum C. of the encrypted 
text received from the source through the 1 394 serial bus 1 1 and the time variable key i ou^^ 
sum Ci to the exclusive logical sum computing circuit 912 and the process.ng crcuit 913 .which also receive ; the nrt^l 

so value key Ss ol the session key S. Much like the processing circuit 902 on the source side the process ng c.rcu 913 
carries out predetermined processing on the initial value key Ss of the session key S and he exc ^ 
output by the exclusive logical sum computing circuit 911. outputting a processmg resu t V. to the random number 
generator 914 at a rate of once per 256 sequential operations to generate the exclusive log.cal sum Ci The random 
number generator 91 4 generales a random number with the processing result V. used as an initial value. The exclus ve 

55 logical sum computing circuit 91 2 computes a final exclusive logical sum ol the random number f™****** 6 
random number generator 914 and the exclusive logical sum Ci generated by the excluswe log.cal sum comput.ng 
circuit 911 and outputs the final exclusive logical sum as a clear text. 

As described above, the processing circuit 91 3 outputs the processing result V. to the random number generator 
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914 at a rate of once per 256 sequential operations carried out by the exclusive logical sum computing circurt 911 to 
generate the exclusive logical sum Ci. As a result, a phase representing a timing relalion between an encrypted text 
transmitted from a source to a sink by way of the 1394 serial bus 11 and a random number used « ■ d ~W^!i 
in the sink can be recovered in the event of a bit missing for some reasons from a packet composing the encrypted 
text at the time the processing circuit 913 outputs the processing result V, to the random number generator 914 at a 
rate of once per 256 sequential operations to generate the exclusive logical sum Ct 

It should be noted that, since the processing circuit 902 or 913 outputs the process.ng result V. to the random 
number generator 914 when the exclusive logical sum Ci becomes equal to the value T (Ci = T). the processing circuit 
91 3 does not output the processing result Vi to the random number generator 91 4 periodically. Inslead, nothing more 
can be said more than the fact that the processing circuit 913 outputs the processing result V. to the random number 
generator 914 at a probability of once per 256 sequential operations to generate the exclusive logical sum C. on the 

aV6 M is* worth noting that the rate at which the processing circuits 902 and 913 output the processing ^sult^ tothe 
random number generators 903 and 914 can also be based on the number of pieces of encrypled data transmitted by 
the source and received by the sink. When a piece of data is missing in the course of transmission .through i the 1394 
serial bus 11 . however, this method will have a problem that the data piece count on the source side will be different 
from the data piece count on the sink side, making it no longer possible to establish synchronization belween the source 
and the sink. It is thus desirable to adopt the synchronization technique implemented by the embodiment described 

so ab °As an initial value used in the random number generator 903 or 91 4. the exclusive logical sum Ci output by the 
exclusive logical sum computing circuit 901 or 911 can be supplied to the random number generator 903 or 914 re- 
spectively as it is. In this case, however, transmitted ihrough the 1394 serial bus 11, it is much to be feared that he 
exclusive logical sum Ci is stolen. That is why the exclusive logical sum Ci is not used chrectly as an inrhal value 
Instead, by using a value Vi resulting from predetermined processing carried out on the exclusive logical sum Ci as an 

2S initial value, the data security can be further improved. 

By the way. there are 2 methods of transferring data through the IEEE 1394 senal bus 11. One of them is an 
asynchronous transfer method whereas the other is an isochronous transler method. In the a u s y n ^ ro " ous . ,r i T. S J e : 
method, data is transferred belween two apparatuses. In the isochronous transler method, on the other hand, data is 
broadcasted from one apparatus to all others connected to the 1394 serial bus. Thus, the com ^ u 7 catlon ^ for n a "^ n J 

30 tication of sinks and the key sharing protocols of the embodiments shown in Fig. 4 and the other figures are nomnalty 
accomplished by adopting the asynchronous transfer method since there is no need for broadcasting information from. 

the source to all sinks. . , , 0 ic 

In the authentication and the key sharing protocol of the embodiment shown in Fig. 4, the personal computer 2 is 
capable of acquiring an encrypled source side common session key e from the DVD player 1 even if the i personal 
35 computer 2 is an unauthorized apparatus which does not have the correct license key. As described earher, the en- 
crypted source side common session key e is an encrypted text resulting from encryption of a source side common 
session key sk using the license key Ik. Since the personal computer 2 is an unauthorized apparatus which does not 
have the correct license key. the personal computer 2 is not capable of obtaining the correct sink side common session 
key sk' by decryption o1 the encrypted source side common session key e. It is much to be feared, nevertheless, that 
40 the encrypted source side common session key e can be used directly in decryption of encrypted information as it is 
If the personal computer 2 also receives the source side common session key sk (a clear text) in addition to the 
encrypted source side common session key e (an encrypted text resulting from encryption of the source side common 
session key sk using the license key Ik) tor some reasons, both the clear texl and the corresponding . »"^* ^ 
are obtained. In this case, it is much to be feared that the clear and encrypted texts are used for finding the license 
as key that the personal computer 2 does not have. It should be noted that, in general, the more the pairs of clear ana 
encrypted texts known by an attacker, the easier the reverse method adopled by the attacker to know the license key 
used to produce the encrypled texts from the clear texts. 

In addition, an unauthorized personal computer 2 may transmit a false ID to the DVD player 1 which uses the false 
ID for computing the license key Ik. The license key Ik is in turn used for encrypting the source side common session 
so key sk to produce the encrypted source side common session key e which is then transmitted to the personal computer 
2 Assume that the personal computer 2 is allowed to make a request for the transmission of an encrypted source side 
common session key e during a session by transmitting an ID. If such a request is made several times a plurality of 
license keys are generated by the DVD player 1 from different IDs received from the personal computer 2. As a result 
a plurality of encrypted source side common session keys e resulting from encryption of the source side common 
ss session key sk for the session are received by the personal computer 2. That is to say. once the personal computer ■ 2 
obtains the source side common session key sk. the personal computer 2 is capable of knowing a plurality of pairs 
each comprising the source side common session key skand one of the encrypted source side common session I teys e_ 
An embodiment implementing an authentication procedure shown in Fig. 31 addresses the problem described 
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above The procedure prevents an unauthorized sink from receiving a plurality of encrypted source side common 
TsL^^sZ^or* encryption of a source side common session Key sk by ' o a ^ r 

The procedure shown in the figure is basically the same as the one shown .n F,g. 4 except that, pnor to a request for 
an ID made by the source to the sink, some pieces of processing are earned out. 

To put it in detail, as shown in the procedure of the figure, at a step S201 . the personal ^^^J^ 
sink transmits a request for authentication, that is. a request for the start of an authent.cat,on protocol, to the DVD 
player^ 

as is Ihe case with the other transfers in the protocol. ...innnd thereto at a 

Apparatuses connected to the IEEE 1394 serial bus 11 each have a umque ^ e ™^ b " "^.^Jj 8 
bus Set time. The node number is used to specify and identify an information ^^T^"^^^"^ 
Fig. 32 is a diagram showing the format of a write request for a data quad.et packet, one ol < ^™ | !^ , J?J 
The destination loTield of the format is the node number of an information receiving 'f^T^^ 1 ^ 
of the format is the node number of an information transmitting apparatus. In the case , o ^^^J^^f 
for authentication, data indicating that the packet is a request for authentication ,s ^^^^S^^- , 
Receiving the asynchronous packet conveying a request for authentication at a «tep S202. the DVD p| aV e r 1 
fetches the source ID that is. the node ID of an information transmitting apparatus transmitting the packet. The pro- 
ced^e then goes on^o a step S203 at which the DVD player 1 forms a judgment as ; to whether or 
source side common session key e resulting from encryption of the source s-de common session key sk for ^ Present 
session has been transmitted to the information receiving apparatus identified by the node "^1'^*°°^°™* 
the iudqment formed at the step S203 indicates that an encrypted source side common session key e resulting from 
encSon of thTsource side clmon session key sk for the present session has been ^^^^^ 
receh/km apparatus identified by the node number, the processing of the authentication protocol for the personal corn 
puter 2 i! 3 nlted If the outcome of the judgment formed at the step S203 indicates that an 
common session key e resuiting from encryption of the source side common session ^J ^S^TZ 
has not been transmitted to the information receiving apparatus identified by the node number, on the other hand, the 
procedure goes on to a step S204 to start execution of the authentication protocol. 

Pieces of processing carried out at the steps S204 to S21 3 of the procedure shown in Fig. 31 are the same as 
those ol the steps S1 to SI 0 of the procedure shown in Fig. 4. linrt K 0 r 
After the above pieces of processing are carried out, at a step S21 4. the DVD player 1 records the . no* numbe 
30 ol the personal computer 2 fetched at the step S21 3 into the EEPROM unit 27. The node number is kep therein as 
long as the DVD player 1 uses the source side common session key sk of the present ^session. As another source 
session key sk is generated tor a next session, the node number is deleted from the EEPF»M ""J^ 

With the protocol described above, only one encrypted source side common session key e is transmitted to a sink. 

As a result, security of transmitted information can be improved. eac «.inn kev sk 

3S By the way. at the step S7 of the authentication protocol shown in F.g. 4. a source s.de common sesson key sk 

is encrypted by the source'using a license key Ik to produce an encrypted source side '^^V^^^ 
is then transmitted to the sink. As an encryption algorithm, a block encryption ,s used ^ J? ^S^STdS 
a clear text is encrypted in fixed length block units. A DES encryption is a generally known ^^^^ 
encryption is an encryption algorithm for transforming each 64bit block of a clear text .nto a 64b.t encrypted text 

Assume that an n-bit block encryption is an encryption algorithm used at the step S7 o the 
Fig. 4 to transform an n-bit clear text into an n-blt encrypted text and the number of bits ,n he source s.de , common 
session key sk is n. Also assume that an n-brt result obtained from application of the encryption akjorithr i to then bit 
source side common session key sk and the license key Ik is used as it is as an encrypted source side common session 

<s Assume that the source makes an attempt to transmit another encrypted source side common session I «yn e to a 

sink after a previous encrypted source side common session key e in the same session. Alsc \ f ^ x ^^^ 
encrypted source side common session key e has been siolen by an unauthorized person. Since the transactior , » 
done in the same session, the source side common session key sk remains unchanged. In addmon, <^ *• 
encryption algorithm is adopted in producing the other encrypted source side 
so side common session key sk and the same license key Ik is used ,n the algorithm, ^^"t^f™™"?* 
common session key e is the same as the previous encrypted source side common sess, on key e. « '» J^^Mh. 
bounds ol possibility that the other encrypted source side common session key e .s also stoleni by an ' "^» rl ** 
person If the other encrypted source side common session key e is also stolen by the unauthorized person by any 
chance, the person will i that the same source side common session key sk is still be.ng used, causing a , pro ^ 

An embodiment implementing an authentication procedure shown in Fig. 33 '^^^^^SSi 
above Since pieces of processing carried out at steps S221 to S226 of the procedure shown in he figure are the same 
as those of the steps S1 to S6 of the procedure shown in Fig. 4, their explanation is not repealed. 

At a step S227. the source generates an n-bit random number r. The procedure then goes on to a step S22B at 
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which a concatenation of the random number r with the source side common session key sk is encrypted by using the 
license key Ik as follows: 

e = Enc (Ik, r || sk) 

The encryption is carried out in an encryption mode called a CBC mode. Fig. 34 is a diagram showing the config- 
uration of a system implementing the CBC mode. The left hand side half and the right hand side half of the figure 
represent encryption and decryption respectively. The same initial values IV are stored in registers 1003 and 1012. 
The initial value IV is fixed throughout the entire system. 

In the encryption processing, first of all, an exclusive logical sum processing circuit 1001 computes an exclusive 
logical sum of a 1st n-bit block of a clear text and the initial value IV stored in the register 1003. The exclusive logical 
value is supplied to an encryptor 1002. An n-bit encrypted text produced by the encryptor 1002 is output to a commu- 
nication tine as a 1 st block and ted back to the register 1 003. 

When a 2nd n-bit block of the clear text is supplied, the exclusive logical sum processing circuit 1001 computes 
an exclusive logical sum of the 2nd n-bit block of the clear text and the 1st block of the encrypted text stored in the 
register 1 003 The exclusive logical value is supplied to the encryptor 1 002 to be encrypted therein. An n-bit encrypted 
text produced by the encryptor 1002 is output to the communication line as a 2nd block and fed back to the register 
1003 The operations described above are carried out repeatedly. 

On the decryption side, on the other hand, the 1 si block of the encrypted text transmitted through the communication 
line is decrypted by a decryptor 1011. An exclusive logical sum processing circuit 1013 computes an exclusive logical 
sum of the output of the decryptor 1011 and the initial value IV stored in a register 1012 to produce the 1st block of the 

clear text. . n 0 

The 1st block of the encrypted text received through the communication line is also stored in the register itn*;. 
Then the 2nd block of the encrypted text transmitted through the communication line is received and decrypted by the 
decryptor 1011 The exclusive logical sum processing circuit 101 3 computes an exclusive logical sum of the 2nd block 
of the decryption result output by the decryptor 1011 and the 1 st block of the encrypted text stored in the register 1012 
to produce the 2nd block of the clear text. 

The 2nd block of the encrypted text received through the communication line is also stored in the register iui^. 

The operations described above are carried out repeatedly to accomplish decryption processing. 

It should be noted that, the CBC mode is described in detail in the second edition of the reference with the title 
"Applied Cryptography" authored by Bruce Schneider, 

Refer back to the procedure shown in Fig. 33. At the step S228, the n-bit random number r and the source side 
common session key sk are used in the encryption algorithm as 1st and 2nd blocks of the clear text. That is to say, 
the exclusive logical sum processing circuit 1001 computes an exclusive logical sum of the random number r, that is, 
the 1st n-bit block of the clear text, and the initial value IV stored in the register 1003. The exclusive logical value is 
supplied to the encryptor 1002 to be encrypted therein by using the license key Ik. Thus, the encryptor 1002 produces 

Enc (Ik, r (+) IV). . . 

The output of the encryptor 1002 is stored in the register 1003. When the source side common session key sk, 
that is the 2nd block of the clear text, is received, the exclusive logical sum processing circuit 1001 computes an 
exclusive logical sum of the 2nd block of the clear text and the output of the encryptor stored in the register 1003. As 
a result, the encryptor 1002 produces Enc (Ik, sk (+) Enc -(Ik, r (+) IV)). 

At a step S229, the source concatenates the two blocks with each other to produce e which is transmitted to the 
sink according to the following equation: 

e = Enc (Ik, r (+) IV) || Enc (Ik, sk (+) Enc (Ik, r (+) IV)) 

On the sink side, the output e of the encryptor 1002 is received at a step S230. The procedure then goes on to a 
step S231 at which the encrypted source side common session key e is decrypted by using the license key stored in 
the EEPROM unit 50. A result of decryption comprises a 1 st block r' and a 2nd block sk', the sink side common session 
key 

In the encryption and decryption described above, only the use of the correct license key by the sink will result in 
sk = sk'. As a result, the source and the sink are allowed to share a common session key 

The equation of the encrypted source side common session key e given above means that, each time the source 
side common session key sk is encrypted, a different encrypted source side common session key e is resulted tn even 
if the value of the session key sk remains unchanged. This is because the random number r involved m the encryption 
changes As a result, it is difficult for a person who stole different values of the encrypted source side common session 
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key sk to determine whether or not the values ^generated in the , same ee Mien ^ 
It shou.d be noted that. ir. addition to the CBC ^^^^^^.ST^-eh include a feedback 

SChn Byt way. In the processing fomented by the embodiment showr .in 

common session key sk and transmits an encrypted source s,d . common •"«^ ke ^£^ e to produce a sink 
authorized sink is capab.e of correctly decrypting the «^rypted source s de sK in P essence . the 
side common session key sk' having the same ^ ^^^^^^IZT^LbI the source itself 
embodiment is a system wherein the sink is authent.cated by the source. In this 'P^ure owe . 
is not authenticated. As a result, even if an unauthorized source ^^i^^ k '^^ t ^ aa c^ 
side common session key to a sink, it is quite within the bounds of possibim '™£^Z£T? n order to solve this 
of the encrypted source side common session key e as a sink s.de common ses ^ 

problem, anembodiment implementing the authentication procedure as f^^^^S^ computer 2 
As shown in the figure, the authentication procedure beams w th a step 824 1 at M the per P ^ 

serving as the sink generates a random number r having a '" he and0 m number is 

number of bris is 64. a typica. value. The procedure then goes on Ac . a step S242 * wh *h me ra ^ 
transmitted to the DVD player 1 serving as the source. Then, th X° C ! on J nu P i!tofstep sS?at which the DVD player 

following equation. 

Ik = hash (ID || service_key) 

Then, the procedure proceeds to a step S249 at which the DVD player 1 generates a source side common session 
^ 'subsequently, the procedure continues to a step S250 at which the DVD player 1 generates an encrypted source 
as side common session key e by using the following equation: 

e = Enc (Ik, r || sk) 

TheprocedurethengoesontoastepS251 at which the DVD player 1 transmits the encrypted source sidecommon 

session key e to the personal computer 2. . , K „ V . uch as 1he C BC mode is adopted in the 

It should be noted that any encryption mode including a feedback loop such as the obo moo 

encryption carried out at the step S250^ computer 2 receives the encrypted source 

Then, the procedure proceeds to a step S252 at which tne personal con w personal compuler 

side common session key e. Subsequently, the procedure continues to ^^J^^^ alMt ^ 
2 decrypts the encrypted source side common session key e by using the license key to produce || . 

01 ' Te number of brfs included in f is the same as that of the random number r generated at the step S241 which is 

determined in advance. , , o M a m i n es if r = r' holds true. 11 r - 

The procedure then goes on to a step S254 at ^^^^^^^^^ the source side 
f holds true, the personal computer 2 authenticates the DVD playerl as a vana .sou g enerating a correct 

a valid source and, hence, discards the source side common session key sk . 
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sink . cape,, of generating a co.ec, * side common session Key * as is the case with the embodiment s-wn 
^ig^isadiagramshow^^ 

register^ prescribed by the I EEE 1 394 specfficat^saro typicaHy^Ml ^ time 1 unlfo ^ m . fhe cyclejime 

are used to make time information o, apparatuses connected to JelEE^ ^ apparalus Qn the 

registers ol the apparatuses are updated uniformly by a ^^^^ e Zy one by a common clock signal 
13 94 serial bus 11. The contents of each ol ^^^^^^^^ the 1394 seriai bus 11. 
with a frequency of 24.576 MHz or incremented once ^W f™ J \ gre adjusted t0 agree with each other. 
,n this way, the times of the apparatuses connected to he ] s T , sk t0 produC e an encrypted 

The procedure then goes on to a step S26B at which the uvu P y y encrypted source 

source side common session key e. Then, the , p^edure any encrypti0 n mode including a 

side common session key e to the personal computer 2. It shouic . oe 

other hand, T" is judged to be invalid. n to be a valid apparatus and hence 

„ r passes the validity test, the personal computer 2 ,udg. D ^ Qn the otner nand , , ne personal 
accepts the sink side common session key sk". If T does not pass mev v Rey sk . js 

computer 2 judges the DVD P .ayer 1 to be ™™*^^££* a Srect license key Ik is capab.e of generating 
discarded. This is because only an apparatus capable ol ^ genera, ng a Ql the encryp , e d source side 

such an encrypted source side common session key e hat ^ ^'^^ ^ register . 
common session key e using the license key ^^^^^JZurlsB^M^^^^^ 
By providing an embodiment lor implementing an **^*™*™° 0 retains , he , e ature thai only an authorized 

'^n Reprocessing^^ 

is capable of correctly decrypting the Z^^Fl^ tn essence, the embodiment is a 

session key sk' which is equal to the source side <^r£™^ t eUn an unauthorized sink is capable of 
system wherein the source authent.cates the s.nk. In , tt«a . ey stem I no ■ source sjde common sesslon 

obtaining an encrypted source side common t^g^^^^SS* the unauthorized sink decrypts the 
key sk using a license key Ik. It is thus quite within founds o, poasM rty t ^ ^ ^ „ 

encrypted source side common session key e in an attempt to obtain a sink siae 

equal to the source side common session key sk authentication procedure for solving the problem 

Fig. 37 is a diagram showing an -^'^^^^jS^ion of the source side common 
described above whereby the source transmit, an ?£^W apparatus. The procedure is explained below 

bytTrr^ 

canb s ^xr 0 fT^ 

as those of the steps 81 to S5 of the procedure shown , ,n ^ f n of bits determined in advance at typically 
DVD player 1 generates random numbers r1 and r2 ^h^nga numb r c > ^ ^ ^ ^ 

64 and concatenates them to form M1 . The procedure hen goat on to a s p ^ & ^ g slep s288 

Ml by using the Hcense key Ik to ^^.t^^nS^ullnB £ "cense key at a step S290 to produce 
The personal computer 2 receiving X at a ^P^ 9 d *^^^ ln B ga p^termlned numberof bits, typically. 
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is then transmitted to the DVD player 1 at a slep S294. 

The DVD player 1 receiving Y at a step S295 decrypts Y by using the license key Ik at a step S><!9b to lorrr 
whJTi regarded'as r3' || r2". a concatenation of r3' and «r each comprising a predetermined number of b^t**-* 

to hp an unauthorized aDDaratus and hence terminates the authentication protocol. It r2 is found equai 10 r*. on m» 

Z^^oZTllu continues to a step S299 at which * is concatenated with sk to Mpr<*uce M3. Then, he 
procedure goes on to a step S300 at which M3 is encrypted by using the license key Ik to produce an encrypted text 
io Z which is then transmitted to the personal computer 2 at a step S301. 

• The personal computer 2 receiving Z at a slep S302 decrypts Z by us.ng the license ke y . ^^/^ber oTblte 
M3' which is regarded as r3' || sk', a concatenation of r3" and sk" each comprising a predeterm ned n " m ^ er °^' ts - 
,^ical y ?64 bits The procedure then goes on to a step S304 to check if r3" is equal to r3 ^^ X ^Z!fn d 
«£■ is found unequal to r3. the personal computer 2 judges the DVD player 1 to be an unauthorized apparatus and 
Lc S. authentication protocol. If r3» is found equal to r3. on the other hand. **£Z"*%^£ 
accep s the sink side common session key sk' produced at the step S303 as the source side ™™ £»™ ^ 
With the authentication protocol implemented by the embodiment described above, after the DVD player 1 serving 
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fact that an n'-bit encryption algorithm is adopted. This is because, if the first ^^^^^^SZ 
used as the first n bits of Z at the step S300 as they are, the source will pass the validity test carried out Dy 

40, dia r^elch sowing an authentication protocol whereby, not only does ^^^^^ .X 
resting from encryption of a source side common session ^^Ta^S^ US Ration 
is also capable of authenticating the source. The procedures shown in Figs. 38 and 39 are eacn a iyp. C 

° 1 oTTS rmrodilm implementing an authentication protocol of Fig. 38 is explained. In this embodiment, 

any e cryptSn moTinc^ng a feedback loop such as the CBC mode can be adopted « " < ^^ f ^ im . 

Since Pieces of processing carried out at steps S311 to S327 of the procedure shown in the figure are the same 
as thosTofthe ^steps ?281 o S297 of the procedure shown in Fig. 37. their explanation is not repeated * a step 
S328 the D VD S^Tgenerates a random number r4 and a sources side common - J-^ JJ^rS 
number of bits determined in advance a, typically 64. The procedure then ^^^^J^^^^, 
catenated with r3" and sk to produce MS. Then, the procedure proceeds to a step : S3M ^ l **f s '^ nC,yP V 
using the license key Ik to produce Z which is then transmitted to the personal computer 2 ^.jPg 

The personal computer 2 receiving Z at a step S332 decrypts Z by us.ng the license key ^^^^ 
MS' which is reaarded as r4' II r3" II sk', a concatenation of r4\ r3" and sk' each compr.smg a predetermine numbs of 
bits ^ta* eK?Se Procedure 'then goes on to a step S334 to check if r3" is equal to ^ 
v»i h r3» is found unequal to r3 the personal computer 2 judges the DVD player 1 to be an unauthorized apparatus 
an h nee, efmTnate^ protocol. .IW is found equal to r3, on the other ^J^S^S 

2 accents the sink side common session key sk' produced at the step S333 as the source side common sess.or key >ak. 

fn?h a embSment imp.ementing the authentication protoco. described above not 
an encrypted text resulting from encryption of a source side common session key after verifying the validity of the sink, 
so but the sink is also capable of authenticating the source. modification 
Much like the procedure of Fig. 38 described above, the procedure shown in Fig. 39 is also a typical moamcai on 
of the .^irn^n^n in Fig. 37. In this embodiment, any encryption mode including a feedback .oop such as the 
CBC mode can be adopted as an encryption mode. 

Since pieces of processing carried out at steps S351 to S361 of the procedure shown in F,g 39 a '°f * sa ™ aS 
ss those of the steps S281 to G2Q1 of the procedure shown in Fig. 37 their exp.anaV.on is no^^epeate^ At a step S362 
the personal computer 2 generates r2' || r3 as M2. The procedure then goes on to art sp SS *3 « atwhch the persona 
computer 2 encrypts M2 by using the license key to produce Y which is then transmuted to the DVD player 1 at a step 
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The DVD player 1 receiving Y at a slep S365 decrypts Y by using ihe license key Ik at a step S366 to i produce M2 
whicMs regarSed'as r2» || r3, a concatenation ol *• and r3 each comprising a predetermined number o, b«s typ.ca,^ 
64 bits. The procedure then goes on to a step S367 to check if r2» is equal to r2 generated at the step S356. If r2 is 
found unequal to r2. the DVD player 1 judges the personal computer 2 to be an unauthorized apparatus and hence, 
terminates the authentication protocol. If r2" is found equal to r2. on the other hand the procedure > goes °n to a step 
S36B at which the DVD player t generates a source side common session key sk. The procedure then «ee*lo 
step S369 at which sk is concatenated with r3' to produce M3. Then, the procedure continues to a step S370 at which 
M3 is encrypted by using the license key Ik to produce an encrypted text Z which is then transmitted to the persona. 

^pe^ona SSl'r 2 receiving Z at a step S372 decrypts Z by using the Iteense key at .^S^pjcjc. 
M3' which is regarded as r3" || sk". a concatenation of r3° and sk' each comprising a Predetermined n um ber °f bits, 
typically. 64 bits The procedure then goes on to a step S374 to check 11 r3" is equal to r3 generated at the step S361 . 
It r3" is found unequal to r3. the personal computer 2 judges the DVD player 1 to be an unauthorized apparatus and 
hence, terminates the authentication protocol. If r3" is found equal to rS. on the other hand, the persona, ^mputer 2 
accepts the sink side common session key sk' produced at the step S373 as the source side common sess.on ey sic 

in the embodiment implementing the authentication protocol as described above, the source «"«™WJJ 
text resulting from encryption of a source side common session key sk to the sink after verifying the validity of the sink 
and. in addiL, the sink is also capable of authenticating the source. On the top of that, much the embodimen 
shown in Fig. 33, in the case of the present embodiment, even if the source side common session key 
the source produces an encrypted text Z by using the license key Ik remains unchanged ,n a je*s °n. : [ *™ 
encryption to encryption during the session due to the tact that r4, a variable number B^et«edt^e D^phver1 
is involved in each encryption. As a result, the present embodiment offers a feature that makes it difficult for an unau 
thorized person to steal transmitted information. ,u«/„„ih..prt.Biiinriinns 

Fig. 40 is a diagram showing an embodiment implementing an authentication protocol having the ^me functions 
as those shown in Figs. 38 and 39. Also in the present embodiment, any encryption mode mc luding a feedback ^oop 
such as the CBC mode can be adopted as an encryption mode. Since pieces of processing »™*^ r '*£^ 
to S3B4 of the procedure shown in the figure are the same as those of the steps 61 to S4 of the P«* u £ * own ,„ 
Fig 4 their explanation is not repeated. At a step S385, the DVD player 1 generates a random number Rsrc having 
a predetermined number of bits typically. 64 bits. The procedure then goes on to a step S386 at which the random 
number Rsrc is transmitted to the personal computer 2. fc . ra ^ m n„ m h.rferc 

Then the procedure proceeds to a step S387 at which the personal computer 2 receives the random number Rsrc 
Subsequently, the procedure continues to a step S388 at which the personal computer 2 * ^^"^ 

Rsnk having a predetermined number of bits, typically, 64 bits. The procedure then goes on to a slep S389 atwhwh 
the randomnumber Rsrc is concatenated wrth the random number Rsnk to genera* .Ml ^^^SS"^^ 
to a step S390 at which M1 is encrypted by using the license key to produce X which « then transmitted to the DVD 

PlHy S aSe a p S S392 me DVD player 1 receives X. The procedure then goes on to a step S393 at which a license key 
,k is computed from an ID as^ed to the persona, computer 2 and a service key. At a step ^•J^'^'J 
is used for decrypting X to produce MV which is regarded as Rsnk' || Rsrc'. a concatenation of Rsnk and Rsrc each 
comprising a predetermined number of bits, typically. 64 bits. Then, the procedure proceeds to a step S39S ► tocheck 
if Rsrc' = Rsrc' If Rsrc' is found unequal to Rsrc, the personal computer 2 is judged to be > an unatfhonzed appara us 
in which case the authentication protocol is terminated. If Rsrc' is found equalto Rsrc, on the other hand, th prccedu e 
proceeds to a step S396 at which the DVD player 1 generates a source side common session key sk. S .^sequent y 
the procedure continues to a step S397 at which Rsrc is concatenated with Rsnk' and sk to B™™^™**^™ 
then goes on to a step S398 at which M2 is encrypted by using the license key Ik to produce Y which is then transmitted 
to the personal computer 2 at a step S399. ..^cinnnnrriHiifP 

The personal computer 2 receiving Y at a step S400 decrypts Y by using the license key at a step S401 to produce 
M3 which is regarded as Rsrc" II Rsnk" II sk'. a concatenation of Rsrc', Rsnk' and sk' each comprising a predetermined 
number of bits, typically, 64 bhs.Theprocedure then goes on toa S tepS402tocheckifRsnk",se^ 
at the step S388 It Rsnk" is found unequal to Rsnk. the personal computer 2 judges the DVD player 1 to be an 
unauthorized apparatus in which case the sink side common session key sk' is discarded. If Rsnk is found equal to 
Rsnk, on the other hand, sk' is accepted as a common session key. 

I n the embodiment implementing the authentication protocol as described above, the source nsm, s an encryp ted 
text resulting from encryption of a source side common session key sk to the sink after verifying the validity ■« the uank 
and. in addition, the sink is also capable of authenticating the source. On the top of that, much take the ' pediment 
shown in Fig. 33, in the case of the present embodiment, even if the source side common session key sk from which 
the source produces an encrypted text Y by using the license key Ik remains unchanged in a session , Y vanes from 
encryption to encryption during the session due to the fad that Rsrc, a variable number generated by the DVD player 
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1. is invoked in each encryption. As a resu.t. ,he present embodiment offers a leature that makes it difficult for an 
unauthorized person to steal transmitted information. Der sonal computer 2 and 

composing a daia processing system to each other ™ ™ L P d electronic apparatuses connected to each 
bodiments. That is. a variety of buses can be used as an external bus ^J^SJd above. Any arbitrary elec- 
other by the external bus are not limited to those employed in the embod.ments described aoove. y 
tronic apparatuses can be used to compose the data processing system^ presented 
It is also worth noting that a variety of P^^ams consis^ng of inst ^™ to used . „ necessary, 

to the user through providing media such a magnetic disc, a CD-ROM disc an la ^™™°™ n 
by storing the programs in a RAM unit or a hard disc incorporated .n and an illustrative 

man illustrative information processing apparatus, an identification data 
recording medium provided by the present invention a 1st key LK , ^^^^^^ in1orma tion 

0t ^addition, in another i.lustrative information processing apparatus another ^trative 

method and another i.lustrative recording medium provided by th. > presen ^^^p^^i^SS,.. A 
determined information to undergo predetermined Passing . ^ " ^SJ^^'iSed from another 

thereto, further assuring the security of the '^^^ illustrative information processing method and a further 

With an illustrative information processing system, a further '■ uetratwe n o ma o P *» appara t us , a 1 st key 

illustrative recording medium provided by the present invention. ^J^^^^^^S^^^ 
SVK associated with information to be transmitted to the 2nd ^ ( T^^^!SX^to n xo identification 
function are stored in advance. A 2nd key LK1 is generated by "PP'^"™**" ?' e ^ S W A 3rd key SK1 is 
data assigned to and receded from ^^^S^SSS^Sl S nTormS passing apparatus, 
further generated, encrypted by using the 2nd key LK2 ana transml " e ° l ° ' . assianed to the 2nd information 
in the second information processing apparatus, on the other ^^^^^^ unique to the 2nd 
processing apparatus, that ^^^^ 
35 information processing apparaius, and a 4th key LK2 representing a P°'" / stored in adva nce. The 

on predetermined information received from the 1st information proces key S K1 by 
encrypted 3rd key receded from the 1st information P rocessln S in1orrna tion 
using the 4th key LK2. As a result, an information processing system offering a high security 

(option proofing method and « .«» I-*- ' MM ' , ^^"^''.Zt^^^^''^ 

in addition, with a still further information illustrative processing " ^' ^^STJ the 1st infor- 

processing method and a still further il.ustratrve ) recording ^^^^i^S^^B assigned to 
mation processing apparatus, data H is generated by app .cation of a 1 *J^° n ™™™ SK is encrypted by using 
and received from the 2nd information processing apparatus and a 1st key : SVK A 2r f ^ processing 
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of transmitted information can be implemented. 



Claims 



a signal receiving means for receiving a signal from a partner apparatus; 

a signal transmitting means tor transmitting a signal to a partner apparatus; and d 
a signal encrypting means for carrying out predetermined encrypt.on on a s.gna ^ be^nsmrtted. 
wherein said signal encrypting means examines information ind.cat.ng a s.gnal transmit ting source rece ved 
I^^^no" •£» and. if a signal is found already transmitted to said signa. transm.tt.ng source, 
said signal is not transmitted again to said signal transmitt.ng source. 

2. A data transmitting apparatus according to claim 1 wherein: 

said signal transmitting means transmits an ID requesting signal and an encrypted text; 
said signal receiving means receives an ID; and ,,„„ 
said signal encrypting means generates an encrypted text from a predeterm.ned key. 

a signal receiving means for receiving a signal from a partner apparatus; 

means and information stored in advance; 
a random number; and 
an encrypted text. 

4. A data transmuting apparatus wherein data is transmitted after P' ed f^ 

ratus' own ID code and an ID code received from other equipment has been carried out. said apparaius P 

a signal receiving means for receiving a random number and an ID signal ^^^^^^ appa . 
a signal transmitting means for transmitting an ID requesting s.gnal and an encrypted text to a partner appa 

L^na^nc-vpting means for carrying out predetermined encryption on a signa. to be transmitted, 
a signal receiving means for receiving an ID signal from a partner f Pa ra,us j 

a signal transmitting means for transmitting an ID requesting s.gnal and an encrypted text to a partner appa 

a a sig S na a , n e d ncry P ting means for carrying out predetermined encryption on a signa. to be transmitted, 
wherein said signal encrypting means executes the steps of generating receiving 
1 st information by application of a predetermined function to ID .nformat.on received from said s.gnal receiv.ng 
means and information stored in advance; 
time information; and 

an encrypted text from said time information and said 1st information. 
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6 A data transmitting apparatus wherein data is transmitted alter predetermined processing based upon said appa- 
ratus' own ID code and an ID code received trom olher equipment has been carried out, said apparatus compnsing. 

a signal receiving means for receiving an ID signal and olher signals from a partner ^ 

a signal transmitting means for transmitting an ID requesting signal and an encrypted text to a partner appa- 

ratus* and 

a signal encrypting means for carrying out predetermined encryption on a signal to be transmitted, 
wherein said signal encrypting means executes the steps of: . 
generating 1st Information by application of a predetermined function to ID information receded trom said 
signal receiving means and information stored in advance; 
generating a 1 st random number, 

generating a 1 st encrypted text from said 1 st information and said 1 st random number; 

obtaining 2nd information from said signal receiving means and restoring a 2nd random number included .n 

said 2nd information; and „ lri ,«H tovi oniu 

comparing said 1st random number with said 2nd random number and generat.ng a 2nd encrypted text only 
if an outcome of comparison indicates a predetermined result. 

7 A data transmitting apparatus wherein data is transmitted after predetermined processing based upon said appa- 
ratus' own ID code and an ID code received from other equipment has been carried out, sa,d apparatus composing. 

a signal receiving means for receiving an ID signal and other signals from a partner apparatus; 

a signal transmitting means for transmitting an ID requesting signal and an encrypted text to a partner appa- 

rat us* 3 nd 

a signal encrypting means tor carrying out predetermined encryption on a signal to be transmitted, 
wherein said signal encrypting means executes the steps of: 

aeneratinq a 1st random number, .♦.^-j 
generating 2nd information by application of a predetermined function to said ID signal and .nformat.on stored 

decrypting 6 1st information received from said partner using said 2nd information and restoring a 2nd random 
number included in said 1st information; and ^„,„, 0 h tB vt nniu 

comparing said 1st random number with said 2nd random number and general.ng a 2nd encrypted text only 
if an outcome of comparison indicates a predetermined result. 

8. A data transmitting method whereby: 

data is transmitted after predetermined processing based upon an own ID code and an ID code received from 
other equipment has been carried out; and ir ,w ma ,i„ n ■« 

an authentication requesting signal from a partner apparatus is received and exam '^^"^nlTd aTain 
found already transmitted to said partner apparatus, said information .s not encrypted and transmitted aga n 
to said partner apparatus but, if said information has not been transmitted yet to said partner apparatus, said 
information is encrypted and transmitted to said partner apparatus. 

9. A data transmitting method according to claim 8 whereby an encrypted text is generated from information stored 

in advance and received information. 

10. A data transmitting method whereby data is transmitted after predetermined processing based upon an own ID 
code and an ID code received from other equipmenl has been carried out, said method comprising the steps of. 

transmitting an ID requesting signal; 
receiving an ID; 

generating 1st information by application of a predetermined function to said ID and information stored in advance; 
generating a random number; 

generating an encrypted text from said random number and said 1 st information; and 
transmitting said encrypted text. 

11. A data transmitting method whereby data is transmitted after predetermined processing based upon an own ID 
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code and an ID code received Irom other equipment has been carried out. said method comprising the steps of: 

receiving a random number; 
transmitting an ID requesting signal; 

i^SirirtWonnatton by application of a predetermined function to said ID and information stored in 

advance; * *■ a 

generating an encrypted text from said random number and said 1st information; and 

transmitting said encrypted text. 

12. A data transmitting method whereby data is transmitted after predetermined Processing based ' a ""£j> 
code and an ID code recerved from other equipment has been carried out. sa.d method compnsing the steps of. 

transmitting an ID requesting signal; 
receiving an ID; 

generating 1 st information by application of a predetermined lunction to said ID and information stored in advance; 
generating time information; 

generating an encrypted text from said lime information and said 1st information; and 
transmitting said encrypted text. 

13. A data transmitting method whereby data is iransmHted after predetermined fJ^^^^^^S 
code and an ID code received from other equipment has been carried out. sa.d method comprising the steps of. 

transmitting an ID requesting signal; 
receiving an ID; 

generating 1 st information by application of a predetermined function to said I D and information stored in advance; 
generating a 1st random number; 

generating a 1 st encrypted text from said 1 st random number and said 1 st information, 
transmitting said 1st encrypted text; 
receiving 2nd information; 

restoring a 2nd random number from said 2nd information; and . „ ^ ^ * fiV * nnK , 

comparing said 1 st random number with said 2nd random number and generating a 2nd encrypted text only 
if an outcome of comparison indicates a predetermined result. 

14. A data transmitting method whereby data is transmitted after 

code and an ID code received from other equipment has been carried out, said method comprising the steps of. 

transmitting an ID requesting signal; 
receiving an ID; 

generating a 1st random number; 
transmitting said 1 st random number; 

geZaxVg 2nd Morton by application of a predetermined lunction to said ID and information stored in advance, 
decrypting said 1st information using said 2nd information and restoring a 2nd random number .ncluded in said 

1 81 '"comparingTald 1st random number with said 2nd random number and generating a 2nd encrypted text only 
if an outcome of comparison indicates a predetermined result. 

15. A data receiving apparatus lor decrypting data received from other equipment using said apparatus' own key and 
information also received from said other equipment, said apparatus comprising: 

a siqnal receiving means for receiving a signal from a partner apparatus; 

a text decrypting means for decrypting an encrypted text received by said signal receiving means; and 
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a siqnal transmitting means for transmitting a signal to a partner apparatus 

S said signal transmitting means transmits an authentication requesting s.gnal and an .D signa.. 

16 A data receiving apparatus tor decrypting data received trom other equipment using said apparatus' own key and 
information also received Irom said other equipment, said apparatus comprising. 

a signal receiving means for receiving a signal Irom a partner apparatus; 

a fext decrypting means tor decrypting an encrypted text received by said signal receiving means, and 
a signal transmitting means for transmitting a signal to a partner apparatus, 

wherein: ... ( ^ 

said signal receiving means receives an ID requesting s.gnal and an encrypted text 

said signal deciypting means generates a random number, compares said generated ™^ un *^ * 
random number included in said encrypted text received by said signal receiving means and generates a 
decrypted output only if a result of comparison satisfies a predetermined condition; and 
said signal transmitting means transmits said generated random number. 

17 A data receiving apparatus for decrypting data received from other equipment using said apparatus" own key and 
information also received trom said other equipment, said apparatus comprising: 

a sianal receiving means for receiving a signal from a partner apparatus; 

a ixt dec Opting means for decrypting an encrypted text received by said signal receding means, and 
a signal transmitting means for transmitting a signal to a partner apparatus, 

wherein: , . ,^,-~t. 

said signal receiving means receives an ID requesting signal and an encrypted text 

said siqnal decrypting means generates a random number, compares said generated random ™ mb * r *™ \ 
random numbeMnclLd in slid encrypted text received by sad signal receding means and generates a 
decrypted oulput only if a result of comparison satisfies a predetermined condilion; and 
said signal transmitting means transmits an ID. 

18 A data receiving apparatus for decrypting data received from other equipment using said apparatus' own key and 
information also received from said other equipment, said apparatus comprising: 

a siqnal receiving means for receiving a signal from a partner apparatus; . . . 

a text decrypting mean, for decrypting an encrypted text received by said s.gna. receiving means, and 
a signal transmitting means for transmitting a signal to a partner apparatus, 

Signal receding means receives an ID requesting signal, a 1st encrypted text and a 3rd encrypted text; 

a 2nd encrypted text from said generated random number and said 1* 
fincrvnted text received by said signal receiving means; and 

Spares S generated'random'n umber with a random number included in said ^^STJS^ 
by said signal receiving means and generates a decrypted output only ,f a result of comparison satisfies a 
predetermined condition; and 

said signal transmitting means transmits an ID and said 2nd encrypted text. 

19 A data receiving apparatus for decrypting data received from other equipment using said apparatus' own key and 
inlormation also received trom said other equipment, said apparatus comprising: 

a siqnal receiving means for receiving a signal from a partner apparatus; 

a text decrypting means for decypting an encrypted text received by said signal receiving means, and 
a signal transmitting means for transmitting a signal to a partner apparatus, 

TaWstnal receiving means receives an ID requesting signal, a 1st random number and a 2nd encrypted text; 

Tn^T^lZZ^ and a 1 st encrypted text from sz« generated 2nd random number and said 

' I~sai^ included in said 2nd encrypted text 

SeTb%ifs"gna> receiving means and generates a decrypted output only if a result of comparison 
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- ,0 and said ,« enc,pted te«. 

2 O.Adatareceiving m ethcKHo^^ 

received Irom said other equipment, said method comprising the steps ot. 

transmitting an authentication requesting signal; 

receiving an ID requesting signal; 

transmitting an ID; 

receiving an encrypted text; and 

decrypting a received encrypted text. 

received Irom said other equipment, said method comprising the steps of. 

generating a random number; 
transmitting said random number; 
receiving an ID requesting signal; 
transmitting an ID; 

receiving an encrypted text; and number included in said received encrypted text 

Tn7gS^^^ 

22 .Adatareceiving method tor decrypting data received 

received Irom said other equipment, said method comprising the steps of. 

receiving an ID requesting signal; 
transmitting an ID; 

receiving an ID requesting signal; 

transmitting an ID; 

receiving a 1st encrypted text; 

9 9 rS : S3 r^edCL said generated 2nd random number and a 1st random number inc.uded 

in said received 1st encrypted text; 
transmitting said 2nd encrypted text; 

L^'S^^'SStam number and a 3rd random number inc.uded in sa* received 3rd en- 

gSinga^rypted output only if a resu.t ot evaluation satisfies a predetermined condition. 

24. A data receiving method tor decrypting data received from f^^**^ '^^j! using an own key and information also 
received Irom said other equipment, said method comprising the steps of. 

receiving an ID requesting signal; 

transmitting an ID; 

receiving a 1st random number; 

SS5'. « SSSSSU *c sen,,.,*, M m«- — « — " 

number; 

transmitting said 1st encrypted text; 
receiving a 2nd encrypted text; and 
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evaluating said generated 2nd random number and a 3rd random number included in said received 2nd en- 
gen^ralinTa^ecrypted output only if a result of evaluation satisfies a predetermined condition. 

25. A recording medium lor storing a program prescribing a data transmitting method whereby: 

data is transmitted after predetermined processing based upon an own ID code and an ID code received from 
other equipment has been carried out; and . informal inn k 

an authentication requesting signal from a partner apparatus is received and exam.n ^ 
found already transmitted to said partner apparatus, said information .s not encrypted «^^^^\ 
to said partner apparatus but, il said information has not been transmitted yet to sa,d partner apparatus. sa,d 
information is encrypted and transmitted to said partner apparatus. 

26. A recording medium according to claim 25 wherein an encrypted text is generated from information stored in 

advance and received information. 

27. A recording medium for storing a program prescribing a data transmitting method ^^^J^^^ 
predetermined processing based upon an own ID code and an ID code rece.ved from other equ.pment has been 
carried out, said method comprising the steps of: 

transmitting an ID requesting signal; 
receiving an ID; 

generatingtst information by application of a predetermined function to saidlDand information stored In advance; 

generating a random number; 

generating an encrypted text from said random number and said 1st information; and 
transmitting said encrypted text. 

28. A recording medium for storing a program prescribing a data transmitting ^^J^ 0 ^^}^^^ 
predetermined processing based upon an own ID code and an ID code received from other equ.pment has been 

carried out, said method comprising the steps of: 

receiving a random number; 
transmitting an ID requesting signal; 

gen^?ng an is? : information by application of a predetermined function to said ID and information stored in 
advance' 

generating an encrypted text 1rom said random number and said 1st information; and 
transmitting said encrypted text. 

29. A recording medium for storing a program prescribing a data transmitting method whereby <^™™^££ 
predetermined processing based upon an own ID code and an ID code received from other equipment has been 

carried out, said method comprising the steps of: 

transmitting an ID requesting signal; 
receiving an ID; 

generating 1 st information by application of a predetermined function to said ID and information stored in advance; 
generating time information; 

generating an encrypted text from said time information and said 1 st information, and 
transmitting said encrypted text. 

30. A recording medium for storing a program prescribing a data transmitting ^J^^^^^^ 
predetermined processing based upon an own ID code and an ID code received from other equipment has been 
carried out, said method comprising the steps of. 
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transmitting an ID requesting signal; 
receiving an ID; 



transmitting said 1st encrypted text; 
receiving 2nd information; 

restoring a 2nd random number Irom said 2nd information; 

carried out, said method comprising the steps of. 

transmitting an ID requesting signal; 
receiving an ID; 

generating a 1st random number; 
transmitting said 1st random number; 

receiving 1 st information; iM . inn t _ cairi lD anc j information stored in advance; 

1st information; 

prising the steps of: 

transmitting an authentication requesting signal; 

receiving an ID requesting signal; 

transmitting an ID; 

receiving an encrypted text; and 

decrypting a received encrypted text. 

prising the steps of: 

generating a random number; 
transmitting said random number; 
receiving an ID requesting signal; 
transmitting an ID; 

prising the steps of: 

receiving an ID requesting signal; 
transmitting an ID; 
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'^Z^S^^^n inched in said received encrypted text and generating a decrypted 
output only if a result of comparison satisfies a predetermined condition. 

prising the steps ot: 

receiving an ID requesting signal; 

transmitting an ID; 

receiving a 1 st encrypted text; 

££3 : £ ZSSSi*. -» »- — < — ■ - ■ « -* — - 

in said received 1st encrypted text; 
transmitting said 2nd encrypted text; 

Z^l^T^ZL m number and a 3rd random number included in said receded 3rd en- 
7enT^^P^ output only if a resu.t of evaluation satisfies a predetermined condition. 

prising the steps of: 

receiving an ID requesting signal; 

transmitting an ID; 

receiving a 1st random number; 

KSS".^ enCedTexuVom said generated 2nd random number and said received 1st random 

number; 

transmitting said 1 st encrypted text; 

SSgsaid JESSS^ number and a 3rd random number included in said received 2nd en- 
genCinta^crypted output oniy if a result of evaluation satisfies a predetermined condition. 
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